
[FYI] (Fwd) EDRI-gram - Number 5, 27 March 2003



------- Forwarded message follows -------
Date sent:      	Thu, 27 Mar 2003 18:59:02 +0100
To:             	edri-news@edri.org
From:           	EDRI-gram newsletter <edrigram@edri.org>
Subject:        	EDRI-gram - Number 5, 27 March 2003



==================================================================

                          EDRI-gram

    bi-weekly newsletter about digital civil rights in Europe

                     Number 5, 27 March 2003

==================================================================
Contents
==================================================================

1. No legal basis for transfer of passenger data
2. EU building bugged
3. French Constitutional Council validates computer search without
   warrant
4. Polish providers fight email monitoring obligation
5. Restrictions on cryptography in Spain
6. UK home office not amused with big brother award
7. Recommended reading: avoiding spam
8. Agenda
9. About

==================================================================
1. No legal basis for transfer of passenger data
==================================================================

The agreement between the European Commission and U.S. authorities on
the transmission of passenger name record data (PNR) has encountered
fierce opposition during a public hearing at the European parliament.
The agreement gives the U.S. Customs on-line access to passenger name
record data of all EU based airlines for flights that go to, from or
through the U.S.

During the 25 March public hearing in the European parliament the
Commission argued that it had no choice but to accept the U.S. demands
for passenger data. Threats to fine European airlines or even halt
landing rights were taken very seriously by the Commission. But many
participants were not satisfied with the explanation that the
Commission had been blackmailed and couldn't do anything about it.
They argued that the transfer of PNR data has no legal basis and is a
direct violation of the EU data protection directive.

Stefano Rodotà, chairman of the Article 29 Working Party (the
coalition of EU privacy commissioners), concluded: "Everybody now
realises how serious this is". He said the EU must take its
responsibility and act, otherwise every third country could change its
law and force the EU to adopt foreign legislation. Three civil liberty
organisations (EDRI, Statewatch and EPIC) testified during the hearing
and expressed concern about the willingness of the European Commission
to bypass EU law to satisfy the U.S.

The scope of the agreement is wide. The agreement says that "Customs
will retain the data no longer than is required for the purpose for
which it was stored". But at the same time it is clear that the data
is stored for an almost unlimited number of purposes, certainly not
limited to fighting terrorism: "PNR data is used by Customs strictly
for enforcement purposes, including use in threat analysis to identify
and interdict potential terrorists and other threats to national and
public security". The U.S. Customs will also share the data with all
other U.S. agencies: "Other law enforcement entities may specifically
request PNR information from Customs and Customs, in its discretion,
may provide such information for national security or in furtherance
of other legitimate law enforcement purposes". The agreement reads as
an assurance that EU passenger data will be stored in FBI, NSA and CIA
databases.

The PNR data consist of all relevant information related to a
passenger's flight: departure and return flights, connecting flights,
special services required on board the flight (meals such as Kosher,
Halal) and payment information such as credit card numbers.

EP public hearing: Grave concerns over data protection
http://www2.europarl.eu.int/omk/sipade2?PUBREF=-//EP//TEXT+PRESS+NR-20030326-1+0+DOC+XML+V0//EN&LEVEL=2&NAV=S#SECTION5

European Commission - US Customs talk on Passenger Name Record
transmission
http://europa.eu.int/comm/external_relations/us/intro/pnr.htm


==================================================================
2. EU BUILDING BUGGED
==================================================================

The telephone lines in the EU Justus Lipsius building in Brussels,
home of the Council of Ministers, have been tapped for many years. The
bugging devices were discovered in the rooms of the delegations of
Britain, France, Germany, Spain, Italy and Austria. The devices were
placed on lines between the central switchboard and the national
delegations.

The German delegation ordered their Federal Office for Information
Security (BSI) to examine the bugging devices. The expert called the
building 'wired like a pinball machine'. It is suspected that the
devices were installed during the construction of the building in
1995.

After discovery of the bugs a trap was set up to find out if the
devices would be 'serviced' by the spying agency that had placed them.
Nobody showed up and it is still unclear which country is responsible
for the bugging.

George Papandreou, the Greek foreign minister and spokesman for the
EU's presidency, said the eavesdropping is a waste of time. "To all
those who feel that it is necessary to tap our phones, we say that
Europe is a very transparent organisation," he said. "They shouldn't
go to such lengths to try to find out information - we can provide it
for them." These remarks have caused quite some amusement with people
and organisations that have been following the EU access to documents
policies in the last years.

Der Spiegel: Spionage gegen EU (in German) (24.03.2003)
http://www.spiegel.de/spiegel/0,1518,241722,00.html

Council of the European Union press release (19.03.2003)
http://ue.eu.int/newsroom/LoadDoc.asp?MAX=1&DOC=!!!&BID=75&DID=75009&GRP=5602&LANG=1


==================================================================
3. FRENCH CONSTITUTIONAL COUNCIL VALIDATES COMPUTER SEARCH WITHOUT
WARRANT
==================================================================

The French Constitutional Council recently validated the Internal
Safety Law ('Loi sur la sécurité intérieure'), adopted by the
Parliament on February 13. This decision has been described by the
Human Rights League - LDH, the French member of the International
Human Rights Federation - as a 'step backwards for the rule of law'.

Among the many provisions infringing privacy and other human rights,
one authorizes the immediate access by Law Enforcement Authorities to
the computer data of Telecommunications Operators, including Internet
Access Providers, as well as of almost any public or private
institute, organization or company. The second important measure
authorizes the searching without warrant of any information system,
provided that its data are accessible through the network from a
computer being searched with a warrant (e.g. all computers in a P2P
network may now be searched on the basis of a single warrant for one
of them). If the data are stored in a computer located in a foreign
country, then their access remains subject to applicable international
agreements.

These provisions implement parts of Article 19 (search and seizure of
stored computer data) of the Council of Europe Cybercrime Convention,
signed but not yet ratified by France. The Convention, which has been
opened to signatures since 23 November 2001, has not entered into
force to date. It has been strongly criticized by many Human Rights
organizations as well as by professional experts.

EDRI-member IRIS notes in its press release that the French
transposition of Article 19 of the Cybercrime Treaty doesn't even
fulfil the minimal conditions and safeguards stated in Article 15, in
reference to international instruments for the protection of human
rights and fundamental freedoms.

(Contribution by Meryem Marzouki, IRIS)

Statement by Ligue des droits de l'Homme (in French)
http://www.ldh-france.com/actu_derniereheure.cfm?idactu=646

Statement by IRIS (in French)
http://www.iris.sgdg.org/info-debat/comm-loi-si0303.html

Treaty Watch
http://www.treatywatch.org/


==================================================================
4. POLISH PROVIDERS FIGHT EMAIL MONITORING OBLIGATION
==================================================================

According to an item on Warsaw Polish Radio 1 on 19 March 2002, 
telecommunication providers in Poland have received an order from the
Ministry of Infrastructure to install email wiretapping equipment.

In the item counsellor Daniel Wieszczycki stated the order is contrary
to the Constitutional right of secrecy of correspondence. In pursuance
of the order, the operators are obliged to connect their lines to
authorized surveillance institutions. These are the Internal Security
Agency, the Intelligence Agency, the Military Gendarmerie, the Border
Guard, the police and the military intelligence.

Counsellor Wieszczycki emphasized that the Internet communities have
already announced that they would take the order to the Constitutional
Tribunal. He said: "we noticed some characteristics of this order,
such as a lack of respect for the Constitutional right to protection
of secrecy of communication. Indeed, it orders the application of
technical solutions which will make impossible court supervision of
the installation of such monitoring provisions or of surveillance in
general..."

Translation source: Foreign Broadcast Information Service (USA
government), document number FBIS-EEU-2003-0319


==================================================================
5. RESTRICTIONS ON CRYPTOGRAPHY IN SPAIN
==================================================================

A proposal to modify the Spanish telecommunication law threatens the
free use of cryptography.

The current General Law of Telecommunications (Ley General de
Telecomunicaciones, LGT) already puts some restrictions on the use of
cryptography. The second part of article 52 ('Cifrado en las redes y
servicios de telecomunicaciones', that is, network encryption and
telecommunication services) says:

"Encryption is a security instrument for information. Among its
conditions of use, when it is used to protect the confidentiality of
information, an obligation may be imposed to notify either a General
Administration State authority or a public one of the algorithms or
any other encryption procedure used, in order to control it according
to the law. This obligation will affect developers that include
encryption in their equipment or software, the operators that include
it in networks or in specific services and users that make use of it."

The modification proposal would create an obligation for every user to
hand over their encryption key and password when asked by any public
authority. The revised article (renumbered as 36.2) with the
modification in capitals, looks like this:

"Encryption is a security instrument for information. Among its
conditions of use, when it is used to protect the confidentiality of
information, an obligation may be imposed to notify either a General
Administration State authority or a public one of the keys, the
algorithms or any other encryption procedure used, including all the
technical information related to the used system, and also the
obligation to facilitate, at no cost, the encryption devices used and
the technical information related to the system used in the encryption
procedure, in order to control it according to the law."

The Spanish government has not given any explanation about the need
for this modification, just vague references to the need of some
'control'.

The law would clearly give new impulse to key escrow schemes. In fact
the Fábrica Nacional de Moneda y Timbre is allowed by the government
to develop such schemes.

(Contribution by Arturo Quirantes - CPSR-Spain)


==================================================================
6. UK HOME OFFICE NOT AMUSED WITH BIG BROTHER AWARD
==================================================================

Yesterday, Privacy International announced the winners of the 5th
Annual UK 'Big Brother' awards to the government and private sector
organisations that have done the most to invade personal privacy in
Britain.

Winner of the award for worst public servant is London Mayor Ken
Livingstone, for his efforts in transport surveillance. Prime Minister
Tony Blair received the Lifetime Menace Award. Blair earned the award
partly because of his plans to force phone companies and Internet
service providers to retain user data for 12 months as part of the
country's stepped-up war on terrorism and crime.

According to an article in The Guardian, a representative of the Home
Office attended the event, but did not take the special award for
minister David Blunkett: a (fake) dog poo on a stick. The home
secretary has been a long-time target for privacy campaigners, as a
result of his support for schemes such as entitlement cards.

"These are silly and malicious awards which have rightly been ignored
by most people," said a Home Office press officer.

Privacy International's Director, Simon Davies, said the award winners
reflected the 'prolonged and vicious' attack on the right to privacy.
He said privacy invasion in Britain has become "a vast industry that
threatens the rights of everyone in Britain".

Press release UK Big Brother Awards 2003 (25.03.2003)
http://www.privacyinternational.org/bigbrother/uk2003/

Home office attacks "malicious" awards (25.03.2003)
http://www.guardian.co.uk/online/news/0,12597,922483,00.html


==================================================================
7. RECOMMENDED READING: AVOIDING SPAM
==================================================================

Did you ever wonder how spammers got your email address? According to
new research by the USA-based Center for Democracy and Technology,
publication of your email address on a website is the number one cause
of getting a lot of spam. It definitely helps to disguise your
address, such as replacing 'somebody@domain.eu' with 'somebody at
domain dot eu'.

Why am I getting all this spam? (19.03.2003)
http://www.cdt.org/speech/spam/030319spamreport.shtml


==================================================================
8. AGENDA
==================================================================

2-4 April 2003 New York, USA - CFP 2003
http://www.cfp2003.org/cfp2003/program.html

6-7 May 2003 Padova, Italy - Information Society Visions and
Governance
Contact for information: Claudia Padovani,
claudia.padovani@unipd.it

8-9 May 2003, Namur, Belgium - Collecting and Producing Electronic
Evidence in Cybercrime Cases
2-day workshop organised by the University of Namur
http://www.ctose.org/info/events/workshop-8-9-may-2003.html

30 June - 2 July 2003 St Petersburg, Russia - Building the Information
Commonwealth
http://www.communities.org.ru/conference/

7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003
http://www.ccc.de/camp/


==================================================================
9. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe.
Currently EDRI has 10 members from 7 European countries. EDRI takes an
active interest in developments in the EU accession countries and
wants to share knowledge and awareness through the EDRI-grams. All
contributions, suggestions for content or agenda-tips are most
welcome.

Newsletter editor:
Sjoera Nas, edrigram@edri.org

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by email
To: edri-news-request@edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Spanish

EDRI-gram is also available in Spanish, usually 3 days after the
English edition. The contents are the same. Translations are provided
by David Casacuberta, secretary of the Spanish chapter of Computer
Professionals for Social Responsibility (CPSR).

To subscribe to the Spanish language EDRI-gram, please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/

or subscribe by email:

To: edri-grama-request@edri.org
Subject: subscribe

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask info@edri.org if you have any problems with subscribing or
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from the
Open Society Institute (OSI).
==================================================================



------- End of forwarded message -------
