[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) EDRI-gram - Number 2, 12 February 2003

------- Forwarded message follows -------
To:             	edri-news@edri.org
From:           	Bits of Freedom <info@bof.nl>
Subject:        	EDRI-gram - Number 2, 12 February 2003
Date sent:      	Wed, 12 Feb 2003 16:48:15 +0100

[ Double-click this line for list subscription options ] 


EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 2, 12 February 2003

------------------------------------------------------------------

CONTENTS:

1.  Internet censorship in Switzerland
2.  E-commerce directive transposition raises serious privacy and
     free speech concerns in France
3.  Critical draft EP report on safer internet action plan
4.  EUCD-implementation stalled in Finland
5.  Finnish companies oppose law to censor Internet
6.  Microsoft Passport does not comply with European privacy rules 7. 
UK parliamentary inquiry rejects data retention 8.  EDRI-gram
available in Spanish 9.  Agenda 10. About

------------------------------------------------------------------


1. INTERNET CENSORSHIP IN SWITZERLAND (contribution by Felix Rauch,
    SIUG)

In Switzerland, internet censorship is gaining ground. 2 recent events
demonstrate this development.

Last December, the examining magistrate of the canton Vaud issued a
command to many Swiss internet service providers (ISPs), to block
access to 3 websites. The websites, all hosted in the USA, contain
strong criticism of a.o. the Swiss courts and are prosecuted for
defamation. ISPs were also asked to modify their DNS-servers to
specifically block access to the domain appel-au-people.org

The 3 contested websites are:
http://www.appel-au-peuple.org/
http://de.geocities.com/justicecontrol/
http://www.swiss-corruption.com/

Even before the blocking became effective, mirrors immediately sprang
up at: http://www.c9c.net/swiss-corruption/info
http://www.freejustice.de/

In their press release about this case, the Swiss Internet User Group
(SIUG) and the Swiss Network operators Group point out that internet
blocking measures are easily bypassed and that article 16 of the Swiss
constitution guarantees to every person ‘the right to receive
information freely, to gather it from generally accessible sources and
to disseminate it.’

Most Swiss providers did not obey at first and appealed against the
command. The magistrate then ordered the directors of the companies to
appear in court in person. Guido Honegger of Swiss ISP Green refused
to bend under this pressure and is now facing a procedure for
disobedience. He plans to fight the command in court. Other ISPs like
e.g. Init Seven AG are redirecting traffic for the incriminated sites
to protest pages.

The blocking-orders coincide with a proposal from the Swiss federal
office of justice for a revision of the federal law on lotteries and
betting. In article 50 of the proposal, providers could be fined up to
one year in prison or a penalty of up to 1 Million Swiss francs
(approx. EUR 660.000) for ‘providing access to games that are not
allowed according to this law’. The Swiss Internet User Group is
concerned that this proposal is only the start of new legislation
providing for much wider censorship.

More reading:

Command by the canton Vaud (unofficial copy, French)
http://www.nrg4u.com:80/abuse/canton-de-vaud.pdf

Press release by SIUG and Swinog 13/12/02 (in German):
http://www.siug.ch/presse/Presse.20021213.txt

Press release ISP Green 30/01/03
http://www.green.ch/de/green/pressemitteilungen/pdf/green_freiheit.pdf

ISP Init7 explanation about the DNS-block (in German)
http://vaud.init7.net/

Federal Office of Justice (in 4 languages)
http://www.ofj.admin.ch/


2. E-COMMERCE DIRECTIVE IMPLEMENTATION RAISES SERIOUS PRIVACY AND
    FREE SPEECH CONCERNS IN FRANCE (Contribution by Meryem Marzouki,
    IRIS)

France has started the process of implementing the European Directive
on Electronic Commerce. The draft text of the Digital Economy Law
("Loi relative à l'économie numérique" or LEN in French) deals with
ISP liability, electronic contracts and unsolicited commercial emails,
cryptography, cybercrime, and satellite systems. Among them, the most
controversial provisions are those concerning cryptography, cybercrime
and ISP liability.

CRYPTOGRAPHY
Providers of cryptography services should provide upon request
decryption keys to authorised agents named by the Prime Minister. The
penalty for not complying with this obligation is a 2 years jail
sentence and a fine of EUR 30,000. When a crime or offence is
suspected, the public prosecutor or a judge may ask any expert to
decrypt data. If the incurred penalty exceeds a 2 years prison
sentence, military staff may be asked for help. In that case, the
decryption method and process would be kept secret, making it very
difficult for defence lawyers to question the outcome. The last
provision states that anyone having access to decryption keys should
provide them. The keys should be provided upon judicial request when
cryptography is used for commission, preparation, or facilitation of a
suspected crime or offence. The penalty is very high again: a jail
sentence of 3 years and a fine of EUR 45,000.

There are 3 major objections against these provisions. First, judicial
control is not ensured. The public prosecutor may start investigations
before any crime or offence has been committed. Secondly, they allow
for self-incrimination, and thus contradict the French law. Thirdly,
professional secrecy is no longer guaranteed for some professions, for
example for lawyers that exchange encrypted e-mails with their
clients.

ISP LIABILITY
On ISP liability, the draft is a third attempt to introduce a "notice
and take down" procedure in French legislation. Currently, a French
ISP can only be held liable for hosting illegal content if he does not
obey a judicial order to remove this content.

With the implementation of the Digital Economy Law, ISPs would not be
held liable if, after obtaining actual knowledge or becoming aware of
facts and circumstances indicating illegal activity, they act
expeditiously to remove or to disable access to the information. These
provisions reproduce the exact words of the E-Commerce Directive
(article 14). This would open the way for privatized censorship, where
the ISP has to decide what is illegal and what is not, after having
been notified by a third party on the basis of its private interests.
There is no provision for counter claims, seriously undermining
presumption of innocence and the right to a fair trial.

Moreover, the draft introduces the possibility of ordering French
providers to block access to foreign websites. This unprecedented
provision may open the door to further restrictions and censorship on
other media, and would undermine freedom of circulation on the
Internet.

On 5 February, EDRI-member IRIS launched a petition against provisions
on ISP liability and access filtering, in collaboration with 2 non
commercial ISPs, the French Human Rights League and a Federation of
Trade Unions. The still on-going petition has already been signed by
more than 40 French organizations and almost 400 French individuals.

More reading:

European Directive on Electronic Commerce (2000/31/EC)
http://europa.eu.int/cgi-bin/eur-lex/udl.pl?REQUEST=Seek-Deliver&COLLE
CTION=oj&SERVICE=eurlex&LANGUAGE=en&DOCID=2000l178p0001

Petition against ISP liability and access filtering provisions (in
French) http://www.iris.sgdg.org/actions/len/petition.html

IRIS Dossier (in French)
http://www.iris.sgdg.org/actions/len/index.html


3. CRITICAL DRAFT EP REPORT ON SAFER INTERNET ACTION PLAN

The EU Safer Internet Action Plan, than ran from 1999 to 2002, did not
deliver very impressive results, to put it mildly. Rapporteur Bill
Newton Dunn (UK Liberal Democrat) from the Parliamentary Committee on
Citizen’s Freedoms and Rights, Justice and Home Affairs (LIBE) wrote a
slashing draft report about the request to extend the plan for another
2 years. The original plan had 4 objectives: -Create a European
network of childporn hotlines -Develop European filtering and rating
systems -Encourage awareness actions -Organise an international
conference about the topic

Analysing the achievements, Newton Dunn states that nobody seems to
know the telephone numbers of the supposed network of hotlines in 10
member states. Secondly, in stead of validating existing filtering
software and carry out security tests against counter-attacks, the
express wish of the EP, the Commission financed 13 seemingly vague and
uncoordinated filtering projects. Awareness has not been promoted very
well either. ‘Projects such as the SUI project resulted in the
distribution of 60.000 copies of a brochure on safer Internet use to
teachers (...).’ Finally, no conference was organised, ‘and now, in
the rapporteur’s opinion, the money would be better spent with the
candidate countries.’

The report will be discussed in the next meeting of LIBE, on 17
February 2003. Next day LIBE will vote, followed in Plenary on 10
March.

More reading:

Revised Newton Dunn draft report (January 2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20030217/481624en.
pdf


4. EUCD-IMPLEMENTATION STALLED IN FINLAND (contribution by Ville
    Oksanen, EFFI)

Last week, the Finnish parliament returned the national copyright law
proposal back to the ministry that originally drafted it. Electronic
Frontier Finland heavily criticized the anti-circumvention provisions
and other controversial issues of the proposal. After a parliamentary
hearing on the 31st of January, the chair of the hearing committee
announced it was impossible to continue with the proposal.

Mr Jyrki Katainen, member of the parliament committee and vice
chairman of the Conservative Party, confirmed to EFFI that the main
reason for this very rare dismissal was the extreme unclearness of the
law. The possibility of a 2 years jail sentence for the circumvention
of copy protection for example, would have posed a serious risk to
unwitting citizens.

Mr. Katainen was also worried the law would have harmed the Finnish
competitiveness as an information society. "The proposal was simply
overreaching", he said.

More reading:

EFFI press-release 31/01/03
http://www.effi.org/julkaisut/tiedotteet/pressrelease-2003-01-31.html

Slashdot
http://yro.slashdot.org/article.pl?sid=03/01/31/213251&mode=thread&tid
=153


5. FINNISH COMPANIES OPPOSE LAW TO CENSOR INTERNET (contribution
    by Ville Oksanen, EFFI)

A coalition of Finnish telecom and media companies has joined the
fight against proposed government legislation to make owners of
message boards liable for all content, similar to print media.
Additionally, Finnish government wants access to historical data to
trace anonymous postings. The law therefore requires publishers and
ISPs website to log practically all Internet traffic data for a period
of 3 months. In a message delivered to parliament on 5 February, the
companies say the law could have a chilling effect on commercial
communication.

Electronic Frontier Foundation has acted against the new law from the
beginning, warning it will stifle freedom of expression on the
Internet.

More reading:

Press release Finnish companies (06/02/03)
http://www.iccwbo.org/home/news_archives/2003/stories/finnish.asp

EFFI dossier about the law (Jan/Feb 2003)
http://www.effi.org/sananvapaus/index.en.html

Previous EFFI fight against mandatory data retention (25/11/02)
http://www.effi.org/julkaisut/tiedotteet/pressrelease-2002-11-25.html


6. MICROSOFT PASSPORT DOES NOT COMPLY WITH EUROPEAN PRIVACY RULES

Microsoft has agreed to change its Passport authentication system,
after the publication on 29 January of a very critical review by the
united EU privacy commissioners. Besides the Microsoft .NET Passport
system, the commissioners, united in the so-called Article 29 Working
Party, also examined the Liberty Alliance Project. The review
concludes with general guidelines for future on-line authentication
systems.

In order to comply with EU privacy rules, Microsoft agreed to
substantially modify the Passport system, "involving in particular a
radical change of the information flow".

Passport is a system that centralizes authentication and information
sharing for users on the internet. The system stores user information
such as addresses, ages, phone and credit card numbers and other
personal details in a large central database. With one click, users
can transfer their personal information to participating websites.

The most important consequence of the agreement is that users "will be
informed and empowered to decide as to which data they want to provide
and under which conditions these data will be processed by Microsoft
or by the participating websites".

Microsoft will have to enable users to decide on a site-by-site basis
whether they want to communicate their profile data or not. Some of
the changes involve giving information to users on how to open a
Passport account without using their real e-mail address. Microsoft
will have to reconfigure the user profile to allow users to fill out
the fields they choose, while leaving others blank. All changes have
to be made according to an agreed time line.

USA based privacy and consumers organisations, led by the Electronic
Privacy Information Center (EPIC), previously filed a complaint in
2001 with the United States Federal Trade Commission (FTC) regarding
Passport and other Microsoft products. The FTC ruled in 2002 that
Microsoft made false security and privacy promises about Passport.

Microsoft has made no formal statement regarding the issue but a
Microsoft spokesperson responded to the agreed changes of Passport
saying that "data protection is a dynamic process".

Simultaneously, other complaints about Microsoft are pending with EU
anti-trust regulators. A long running investigation involves the
bundling of Windows Media Player and alleged abuse of dominance in the
server market linked to Windows 2000. EU competition commissioner
Mario Monti recently announced to present conclusions in the first
half of 2003. A completely new complaint was filed this week by the
Computer & Communications Industry Association, representing a number
of large technology and media corporations, regarding the bundling of
applications with Windows XP and the misuse of a dominant market
position by Microsoft.

More reading:

Article 29 Data Protection Working Party: 'Working document on on-line
authentication services' 29/01/03
http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp68_en.p
df

EPIC archive on Passport
http://www.epic.org/privacy/consumer/microsoft/passport.html

Computer & Communications Industry Association (CCIA) v. Microsoft
http://www.ccianet.org/ms_eu.php3


7. UK PARLIAMENTARY INQUIRY REJECTS DATA RETENTION

In the UK, a parliamentary inquiry resulted in a firm rejection of
governmental plans for general data retention. In one piece of
proposed legislation Government expected phone companies, mobile
operators and Internet service providers to voluntarily keep logging
data for a period of up to 12 months. These data would reveal who has
been calling and e-mailing whom, which websites they had visited, and
even where people have been with their mobile phones. In their report,
the All Party Internet Group (APIG) concludes that the Government had
underestimated the costs of the scheme, that billing databases would
migrate abroad to escape regulation and that there were few incentives
for industry to help the government track technical change. To cap all
this, the scheme appeared to be in breach of Human Rights legislation
and despite a year of effort by the Home Office, no solution was in
sight.

The evidence heard by the parliamentary inquiry made it clear that the
proposed voluntary retention scheme had no hope of acceptance by
industry. The report also concludes that it would be impractical to
proceed with the fallback of mandatory data retention and strongly
recommends that the Home Office scrap their plans altogether and start
negotiations on a lower impact scheme of targeted "data preservation"
instead.

The group also examined existing pieces of legislation including the
Regulation of Investigatory Powers Act 2000 (RIPA) and recommended
that definition of communications data be improved.

More reading:

The APIG report 28/01/03
http://www.apig.org.uk/APIGreport.pdf


8. EDRI-GRAM IN SPANISH

 From now on, EDRI-gram will also be available in Spanish, usually 3
 days 
after the English edition. Translations will be provided by David
Casacuberta, secretary of the Spanish chapter of CPSR (Computer
Professionals for Social Responsibility). To receive the Spanish
EDRI-gram, please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/ or subscribe
by email: To: edri-grama-request@edri.org Subject: subscribe


9. AGENDA

17-28 February 2003 Geneva, Switzerland - Second Preparatory Meeting
on the World Summit Second preparatory meeting for the World Summit on
the Information Society to be held in Geneva from December 10-12 2003.
http://www.itu.int/wsis/preparatory/prepcom/prepcom2.html

25 February 2003 Kiev, Ukraine - Problems and prospects of Information
Society Development International conference organised by the
All-Ukrainian Foundation “Information Society of Ukraine” in close
cooperation with Ukrainian Institute of Information Society.
http://www.isu.org.ua/en/index.php

27-28 February 2003 Luxembourg, Luxembourg - 2 workshops on 'Safer
Internet' http://www.saferinternet.org/news/Events-feb2003.asp

10-12 March 2003 Malmo, Sweden - ASEM summit on Globalisation and ICT
http://www.iked.org/asem2003ict/program.html

15 March 2003 Nomination deadline for the world's most stupid security
measure. The Stupid Security Award will be presented on 3 April 2003,
during the CFP-conference.
http://www.privacyinternational.org/activities/stupidsecurity/

25 March 2003 - UK Big Brother Awards
For the 5th time, Privacy International will present awards for: Worst
Public Servant; Most Invasive Company; Most Appalling Project; Most
Heinous Government Organisation & Lifetime Menace.
http://www.privacyinternational.org/bigbrother/uk2003/

1-4 April 2003 New York, USA - CFP 2003, including international Big
Brother Award presentation.
http://www.cfp2003.org/cfp2003/program.html

22-24 April 2003 St Petersburg, Russia - Building the Information
Commonwealth International Conference on Information Technologies and
Building Prospects for the Development of Civil Society Institutions
in the CIS Countries. http://www.communities.org.ru/conference

6-7 May 2003 Padova, Italy - Information Society Visions and
Governance Colloquium in preparation for the World Summit on the
Information Society, organised by the European Institute for
Communication and Culture (EURICOM), in co-operation with the
University of Padua (Padova) Contact for information: Claudia
Padovani, Dipartimento di Studi Storici e Politici, Università di
Padova e-mail: claudia.padovani@unipd.it


10. ABOUT

EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe.
Currently EDRI has 10 members from 7 European countries. EDRI takes an
active interest in developments in the EU accession countries and
wants to share knowledge and awareness through the EDRI-grams. In
general, all contributions, suggestions for content or agenda-tips are
most welcome. Please e-mail your contributions to the editor, Sjoera
Nas, edrigram@edri.org .

Information about EDRI and its members:
http://www.edri.org/

Subscription Information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news

subscribe by email
To: edri-news-request@edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.


_______________________________________________

------- End of forwarded message -------


-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de