==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 2.4, 27 February 2004
==================================================================
CONTENTS
==================================================================
1. Fast track procedure for IPR Enforcement
2. EU Commission proposal for biometrics in passports
3. UK government welcomes report about data retention
4. EU ruling on Microsoft by the end of March
5. Major European companies into RFID-development
6. EU to promote research track & trace technology
7. Dutch government: Cryptophone protects privacy
8. Recommended reading: biometrics
9. Agenda
10. About
===================================================
1. FAST TRACK PROCEDURE FOR IPR ENFORCEMENT
===================================================
The European Union's disputed Directive on the Enforcement of
Intellectual Property Rights is scheduled for a fast-track procedure that
may lead to it being adopted by the European Council in little more than
two weeks. At present, it is still under discussion in the Brussels
Parliament. The Rapporteur, French Conservative Janelly Fourtou, and the
Council both wish to pass this Directive in First Reading, before the
enlargement of the European Union. Trying to avoid delay by too much
discussion, they have each chosen the fastest procedure possible in their
respective institutions.
The final discussion about the report in the Parliament's Legal Affairs
Committee took place on Monday 23 February. The item was scheduled at the
very last minute, the Friday before, when most of the Members of
Parliament were already gone. With many MEPs still on their way to
Brussels on Monday, only 14 MEPs were present. The discussion only lasted
15 minutes after the Council and the Commission had ended their formal
introductions.
The longest speeches were given by Arlene McCarthy MEP (Social Democrat,
UK) and Malcolm Harbour MEP (Conservative, UK), who both claimed that this
Directive was not mainly about the Digital world, but about counterfeiting
of tangible goods. There is no proof for that in the text, however.
Technically, the debate was about the amendments that the Rapporteur had
laid down, together with McCarthy and with Toine Manders (Liberal,
Netherlands) and which reflect verbatim the Common Position of the
Council. This position had been fine-tuned, behind closed doors, in five
so-called trilogue meetings between the Parliament and the Council during
the previous weeks. The Legal Affairs Committee did not vote on the
amendments of Mrs. Fourtou: she chose to table them directly to the
Plenary.
MEPs may now lay down additional amendments until 4 March. The vote will
take place on 9 March in Strasbourg, preceded by a plenary debate the day
before. Already on 10 March, the outcome of the vote will be considered by
the Council's Committee of Permanent Representatives (COREPER). On 11
March, on the occasion of the meeting of the EU Competitiveness Council,
ministers may sign it off if it has been agreed by the Permanent
Representatives.
Though some of the concerns of civil society and internet providers have
been taken into account in the drafting of the Common Position, the text
remains problematic. The scope of the directive is extended to cover "any
infringement of intellectual property rights as provided for by Community
law and/or by the national law of the Member State concerned." At the same
time, the Commission's initial limitation to infringements which are
"committed for commercial purposes or cause significant harm to the right
holder" has been deleted.
The term "intellectual property rights" is not defined, creating the
possibility of a large range of abuses. Because the enforcement is not
limited to large-scale infringements, kids downloading songs from the
internet risk the same kind of treatment as large-scale counterfeiters of
trademark designer clothes.
EDRI-member organisation FIPR has prepared a set of amendments to deal
with the worst deficits in this Directive and is preparing, together with
a range of other organisations, a rally in Strasbourg to promote these
amendments and to encourage MEPs to vote against the Directive if some
minimum requirements are not fulfilled.
The European Commission's initial proposal for a Directive
http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexplus!prod!
CELEXnumdoc&numdoc=32001L0029&lg=EN
Amendments proposed by FIPR and EDR
http://www.ffii.org.uk/ip_enforce/andreas2.html
Campaign Info
http://www.ipjustice.org/CODE/
(Contribution by Andreas Dietl, EDRI EU affairs director)
============================================================
2. EU COMMISSION PROPOSAL FOR BIOMETRICS IN PASSPORTS
============================================================
The European Commission has adopted a proposal for a Council Regulation
that will set legally binding minimum standards for harmonised security
features, including biometric identifiers, in all EU passports.
The Commission chooses facial images as a mandatory biometric identifier
for passports. Fingerprints can be added as an option at the discretion of
Member States. The proposal sets out the minimum standards and will not
stop Member States that wish to go further.
Inclusion of a facial image on a contact-less chip would allow EU Member
States to meet the requirements of the US Visa Waiver programme in
conformity with standards of the International Civil Aviation Organisation
(ICAO). The US demands the inclusion of facial images in passports from EU
countries in order to continue participation in its Visa Waiver programme
after October 2004. Justice and Home Affairs Commissioner Antonio Vitorino
will travel to the US in May to discuss the looming deadline with US
officials. However, for the US to change the October deadline is almost
impossible. It would have to go through Congress as it would require a
change in the legislation.
The Commission additionally wants to set up a centralised,
biometrics-based 'EU passport register', which would contain the
fingerprint(s) of passport applicants together with the relevant passport
number.
The Commission is optimistically searching for advantages of the proposal:
"It would furthermore create a harmonised level of security in relation to
European passports and thus not discard some EU citizens from benefits
just because of their less secured national passports. A common effort
could strengthen the European position towards the US."
Earlier, EDRI-gram reported about a proposal to include biometric
identifiers in EU visa's and residence permits. The current follow-up
proposal also stems from a decision by the European leaders made during
the June 2003 EU summit in Greece to develop a 'coherent approach on
biometric identifiers' and 'harmonised solutions for documents'.
Some EU countries such as the Netherlands and Denmark are already
developing biometric identifiers in their passports.
The EU proposal is currently under discussion in the European Parliament's
Civil Liberties and Internal Affairs Committee. The Rapporteur, Danish
Liberal Ole Sorensen, is sceptical about the adequacy of the Commission
proposal and is organising a public hearing on 2 March.
Proposal for a Council Regulation on standards for security features and
biometrics in EU citizens' passports, COM 2004/116 (18.02.2004)
http://europa.eu.int/eur-lex/en/com/pdf/2004/com2004_0116en01.pdf
Statewatch: Everyone will have to have their fingerprints taken to get a
passport (February 2004)
http://www.statewatch.org/news/2004/feb/26eu-biometric-passports.htm
===================================================
3. UK GOVERNMENT WELCOMES REPORT ABOUT DATA RETENTION
===================================================
The UK Government has given a guarded welcome to a review of its data
retention powers. The review came from the Newton Committee, which was
set up by the Anti-Terrorism, Crime and Security Act 2001 that created
these powers.
The Committee, even though empowered to revoke some powers, supports the
principle of data retention for up to a year. The review recommends some
changes to the form of the legislation, widening the scope from fighting
terrorism to the more general area of serious crime.
The Government has just published a response to this review, which agrees
with the proposal to move retention from anti-terrorism to general
legislation. It suggests that the most appropriate location for the
powers would be in an addition to the Regulation of Investigatory Powers
Act 2000, which already governs access by authorities to stored
communications data. This would bring retention of data under the same
oversight regime as access, which is controversially regulated by the
Interception Commissioner. The Committee had suggested instead that the
Information Commissioner be responsible for oversight.
However, the government disagrees that a limit of one year on retention
should be put in primary legislation, arguing that the communications
industry changes too quickly for such a limit to be fixed in this way.
Nor do the authorities promise any concrete action on limiting government
access to communications data under other pieces of legislation.
EDRI-members FIPR (Foundation for Information Policy Research) and Privacy
International were disappointed by the Committee's support for data
retention. FIPR and PI had argued that these powers were an unjustified
invasion into UK citizens' private lives under the European Convention
on Human Rights. Neither group was surprised that the government
welcomed the Committee's support for retention whilst rejecting its
calls for even the most minor limits on the powers.
The Government's response can be read at
http://www.homeoffice.gov.uk/docs3/CT_discussion_paper.pdf
(Contribution by Ian Brown, EDRI-member FIPR)
===================================================
4. EU RULING ON MICROSOFT BY THE END OF MARCH
===================================================
Antitrust regulators from the all EU member States will discuss a draft
European Commission antitrust ruling against Microsoft in Brussels on 15
March. In a second meeting on 22 March the regulators will discuss the
measures, including fines, that will be taken against Microsoft. It is
expected that the final ruling will become public in the days after the
meeting.
The EU Commission has drafted a ruling that finds Microsoft guilty of
abusing the dominant position of its Windows operating system. The
Commission has been investigating Microsoft practices since 2000,
following a complaint by Sun Microsystems. Sun accused Microsoft of
abusing its dominant position in the market by not releasing crucial
information about the communication between computers and servers running
MS Windows. The Commission is also investigating the tying of Windows
media player into the Windows operating system. This makes competition for
other media players very difficult.
Microsoft can be obliged to reveal interface information so that rival
vendors of low-end servers are able to compete on a level playing-field.
For Windows media player the Commission can force Microsoft to offer a
version of Windows without Windows media player.
The Financial Times reported that internal market Commissioner Bolkestein
has intervened to prevent harsh measures against Microsoft.
Microsoft statement
http://www.microsoft.com/presspass/press/2003/nov03/11-14eustatement.asp
EU Antitrust case against Microsoft
http://europa.eu.int/comm/competition/antitrust/cases/index/by_nr_75.html#i3
7_792
===================================================
5. MAJOR EUROPEAN COMPANIES INTO RFID-DEVELOPMENT
===================================================
The European commercial interest in the development of spy-chips (RFIDs)
is growing rapidly. Radio Frequency Identifiers are very small wireless
chips that can be read without touching them.
Intel and Siemens have just announced they will open an 'RFID Technology
Centre' in Germany in March, near Munich. The companies wish to present
'experience-able RFID-technology', to show the usability of the mini-chips
in logistics, in supply-chain processes, and last but not least, in
customer relationship management.
Earlier this month IBM and Philips also announced a partnership to develop
and use RFID-tags. Within this collaboration, Philips will produce the
chips, while IBM takes care of the computer-systems and services. They
will start their collaboration in a Philips semiconductor factory in
Taiwan, where they will put the spy-chips on cartons and packaging
materials.
Currently the cost-price of the chips, between 10 and 20 eurocent, still
makes it too expensive to put them on all consumer products, but the price
is expected to drop rapidly as more applications appear. Privacy experts
warn about the possible dangers, such as the tracking and tracing of
everybody's behaviour and movement through the 'network of things'.
Products with RFID-tags should be labelled, the tags should be switched
off permanently after paying for the product, and the tags should be put
on the packaging material if possible, instead of melted into the product.
Intel and Siemens partnership (article in the German e-zine Heise)
http://www.heise.de/newsticker/meldung/44920
Press release Philips (26.01.2004)
http://www.semiconductors.philips.com/news/content/file_1030.html
RFIDwatch: critical website with news, in German and English
http://www.unwatched.org
===================================================
6. EU TO PROMOTE RESEARCH TRACK & TRACE TECHNOLOGY
===================================================
According to a new Communication on the research into security, the
European Commission plans to fund research on "tagging, tracking and
tracing devices ... that improve the capability to locate, identify and
follow the movement of mobile assets, goods and persons".
The Commission announces the launch of a new funding program entitled
'Enhancement of the European industrial potential in the field of Security
research 2004 - 2006'.
The program is a so-called 'Preparatory Action'. It should set the agenda
for advanced security research from 2007 onwards. The action is funded
with 15 million Euro in 2004 and approx. 65 million Euro overall.
Among the goals of the research is the improvement of 'situation
awareness'. Relevant issues for the different projects are identified as
"(...) Demonstration of the appropriateness and acceptability of tagging,
tracking and tracing devices by static and mobile multiple sensors that
improve the capability to locate, identify and follow the movement of
mobile assets, goods and persons, including smart documentation (e.g.
biometrics, automatic chips with positioning) and data analysis techniques
(remote control and access)."
A call for proposals will be published 'toward the end of March 2004'.
Commission Communication COM 2004/72 (03.02.2004)
http://www.europa.eu.int/eur-lex/en/com/cnc/2004/com2004_0072en01.pdf
Analysis Statewatch
http://www.statewatch.org/news/2004/feb/23Aeu-plan-security.htm
(Contribution by Andreas Krisch, EDRI-member VIBE!AT)
===================================================
7. DUTCH GOVERNMENT: CRYPTOPHONE PROTECTS PRIVACY
===================================================
The Dutch minister of Justice Donner has answered parliamentary questions
about the introduction of a commercially available crypto-GSM.
The Cryptophone was developed in the Netherlands and is sold through a
German company. The device is a combined GSM and organiser running Windows
Pocket PC. The Cryptophone uses open-source software that encrypts the
call when connecting to another device of its kind. The phone should make
it impossible for any third-party, including the phone company and police,
to listen in to the call.
The Dutch Christian-Democrat Member of Parliament Haersma-Buma asked
government to forbid the phones, since they can make it impossible for
police to use the information from a wiretapped mobile phone call. Dutch
police relies heavily on phone interception with an estimated 12.000 phone
taps per year. This number is higher then in any other European country or
even the US (not counting the unknown number of taps by any intelligence
service).
According to minister Donner it is legal to use the phone. The minister
refuses a request to confront the makers of the phone with their
responsibility not to harm police capabilities: "These products are being
developed to facilitate secure communications and thereby to serve privacy
interests and other justified legitimate interests, such as the protection
of corporate secrets". Donner acknowledges that law enforcement
capabilities to obtain the original voice communication are limited.
Pending legislation that gives police the powers to demand decryption will
also have little effect for the Cryptophone. The device uses unique
session-keys for each phone call. After the call no one can be ordered to
decrypt, since the keys are destroyed.
Donner did announce higher investments in crypto-analysis capabilities.
Answer to parliamentary questions 2003-2004, nr. 2030403480, House of
Representatives (23.02.2004, in Dutch)
http://www.bof.nl/docs/Kamerantwoord_cryptophone.pdf
Cryptophone
http://www.cryptophone.nl/
===================================================
8. RECOMMENDED READING
===================================================
The Article 29 Working Party, the European collaboration of the Data
Protection Authorities, has published a (brief!) 'Working Document on
Trusted Computing Platforms and in particular on the work done by the
Trusted Computing Group (TCG group).' It is a balanced description of
'work in progress', since there are not many end-user applications yet,
besides some widely published tests with Digital Rights Management.
The document offers general observations derived from privacy principles,
like the need to distinguish between usage in a corporate and in a private
environment and the need to provide clear information to users, while
always protecting the security of data.
"Both those who design technical specifications and those who actually
build or implement applications or operating systems bear responsibility
for the data protection aspects, although at different levels. Those who
build, commercialise and use the applications bear responsibilities as
well, especially organisations that process user data, as they will
normally be the last one in the chain and the ones who interact with the
user."
Working Document (23.01.2004)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp86
_en.pdf
==================================================================
9. AGENDA
==================================================================
29 February 2004 - Deadline Call for Papers
The Programme Committee of the conference eChallenges 2004 is looking for
papers or workshop proposals
The conference and exhibition take place in Vienna, Austria from 27 - 29
October. This will be the fourteenth in a series of annual conferences
supported by the European Commission,
This year's conference themes include eBusiness, eGovernment, eWork,
eEurope 2005 and ICT Take-up by SMEs, and International Collaboration.
http://www.echallenges.org/2004/default.asp?page=call-papers
2 March 2004, Brussels, Belgium - Hearing European Parliament
"Biometrics, privacy and security: Striking the right balance",
The hearing starts at 9.00 AM.
http://www.statewatch.org/news/2004/feb/public-hearing-biometrics.pdf
25 March 2004 - Deadline Call for Papers
The European Black Hat conference 2004 will take place in the Krasnapolsky
Hotel in Amsterdam, the Netherlands, from 17 to 20 May 2004. Papers are
invited especially about the European perspective on privacy, anonymity
and DRM.
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-cfp.html
26-27 March 2004, Warsaw, Poland
Pan-European Forum on safer internet-issues, organised by the Media
division of the Council of Europe Human Rights Directorate. Deadline for
funding applications is 20 February 2004.
http://www.safer-internet.net/pconference.asp
3-4 June 2004, Vienna, Austria - Free Bitflows conference
Conference and workshops about cultures of access and politics of
dissemination, organised by Public Netbase (AT), in collaboration with
Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin,
DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at
==================================================================
10. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter about digital rights in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
- EDRI-gram in Russian, Ukrainian and Italian
EDRI-gram is also available in Russian, Ukrainian and Italian, a few days
after the English edition. The contents are the same.
Translations are provided by Sergei Smirnov, Human Rights Network, Russia;
Privacy Ukraine and autistici.org, Switzerland
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
The EDRI-gram in Ukrainian can be read on-line via
http://www.internetrights.org.ua/index.php?page=edri-gram
The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================