Förderverein Informationstechnik und Gesellschaft

EDRI-gram - Number 6, 9 April 2003

------- Forwarded message follows ------- Date sent: Wed, 09 Apr 2003 19:32:55 +0200 To: From: EDRI-gram newsletter <> Subject: EDRI-gram - Number 6, 9 April 2003

[ Double-click this line for list subscription options ]



bi-weekly newsletter about digital civil rights in Europe

Number 6, 9 April 2003

================================================================== Contents ==================================================================

1. Stupid security measures in Europe 2. Draft law promotes free software in Bulgaria 3. New content restrictions in Germany 4. Swiss providers to keep email records for 6 months 5. Danish committee on citizens IT-rights 6. Austria looses court case about surveillance costs 7. Recommended reading: privacy policy 8. Agenda 9. About

================================================================== 1. STUPID SECURITY MEASURES IN EUROPE ==================================================================

During last weeks CFP conference (Computer Freedom Privacy) in New York, Simon Davies from UK EDRi-member Privacy International announced the winners of the Stupid Security Awards. The jury received some 5.000 nominations from 35 different countries. Though most of the winners are American, Europe also produced some very noteworthy stupid security measures. UK mobile phone company T-Mobile won a Most Annoyingly Stupid Award 'for pointless and idiotic financial security measure'. T-Mobile won't let anyone pay more than fifty pounds a month from a bank account, for unspecified 'security' reasons. Runner-Up for the Most Egregiously Stupid Award was Moscow Mayor Yury Luzhkov for the "Propiska" Identity Papers, while UK Heathrow Airport was selected the runner-up for the Most Inexplicably Stupid Award.

In Moscow both foreigners and citizens of Russia need a special permission to be in Moscow, a propiska-paper. According to the nomination, propiska was already invented in 1932 by Stalin, but reintroduced in 2002 as a measure against terrorism. The usual price is USD 1-3 for Russians and USD 10 and more for others. To obtain it officially seems virtually impossible. "You need to fill out a lot of applications, collect many signatures and permissions. According to different sources you are responsible to get a registration in 3 or 10 days after arriving to Moscow. This is even theoretically impossible because registration department (pasportnyi stol) works only 2-3 hours a week and you have to wait hours and hours in a huge line. In addition, any official may refuse you without any explanation."

A passenger on Heathrow Airport was found to carry a box with loose leaf Chinese tea. Unfortunately, it was of a well known variety known as Gunpowder Tea, and had this printed on the packaging. It was decided that the tea was allowed, but the evil word "Gunpowder" was not. Consequently the security staff then rummaged around and found a plastic bag into which they decanted the fragrant tea leaves, and confiscated the cardboard packaging.

Other European stupid security measures include:

- The refusal of UK railways company Railtrack to provide litter bins on stations (a bomb could be hidden in there). - Irish budget Airline Ryan Air accepting international student cards as photographic ID but refusing military ID-cards. - The Danish Ferry-Company requiring fingerprint scans to board a boat from the island Bornholm to mainland Denmark. - The French province of Pyrenees-Atlantiques allowing nightclubs and disco's with sufficient camera-supervision (CCTV) to stay open 1 hour longer. - A Scuba diving club in Devon (UK) requiring a full security check from people interested in taking classes. - An anonymous UK airline forbidding its pilots to carry nail clippers, while allowing for a huge fire-axe in every cabin.

Selected nominations in 5 categories (08.04.2003)

Details about Moscow Propiska

================================================================== 2. DRAFT LAW PROMOTES FREE SOFTWARE IN BULGARIA ==================================================================

A draft law, currently discussed in parliament in Bulgaria, will oblige all governmental institutions to use free software and open formats with their computer information systems within 2 years. The law addresses all state bodies, mayors of municipalities and regions, higher schools, medical establishments, non-profit legal entities as well as other bodies and entities that receive governmental funding. A permit of exception from this obligation can only be procured on a case-by-case basis, if no free software is available for a specific purpose.

In the Bulgarian definition, free software must allow for:

- Unlimited use of the software for all purposes; - Unlimited access to the source code; - Comprehensive check of its mechanisms of operation; - Use of internal mechanisms and of any arbitrary part of it, so that it can be adapted to the needs of the user; - Production and public distribution of its copies; - Modification and free distribution of changes as well as of the newly designed software under the same conditions as those of the original.

If adopted, the law would bring about a remarkable change of policy. Only a year ago, Minister of the State Administration Dimitar Kalchev triumphantly announced a new contract with Microsoft for the provision of software to the state administration. In total, in 3 years Bulgaria would have to pay USD 8,400,000 (EUR 7,862,245) to Microsoft.

Press release 'The contract with Microsoft is one of the most advantageous contracts sealed in the country' (14.06.2002) 671.html

A copy of the draft law is available through Veni Markovski <>.

================================================================== 3. NEW CONTENT RESTRICTIONS IN GERMANY ==================================================================

In Germany, new content restrictions were introduced for the protection of minors, extending current regulations and indexing schemes for film and video to internet and games. Since 1 April all kinds of ego shooters and electronic media "glorifying war" are banned. Furthermore, under the new regulation, all computer games must carry labels with minimum age requirements. The restrictions on computer games were speeded up after a youngster killed 18 people in his school in the city of Erfurt a year ago. The youngster was addicted to the game 'Doom', media reported.

Through the new additions on the Treaty on Human Rights & the Protection of Minors in Broadcasting and Telecommunication Media a new central commission decides on illegal and harmful media and Web content. Though the implications are not yet clear, the extension to web pages might mean filtering mechanisms will have to be introduced to prevent minors from accessing indexed web pages.

Based on a German article in Heise (03.04.2003)

Available in English through

================================================================== 4. SWISS PROVIDERS TO KEEP EMAIL RECORDS FOR 6 MONTHS ==================================================================

Since 1 April, new legislation went into force that obliges Swiss Internet Service Providers (ISPs) to keep a 6 month email log file. That means they will have to store time, size and addresses of all emails sent by their customers (the SMTP envelope data). The authorities will be able to access these stored data with a search warrant only. Access is limited to a number of serious offences such as paedophilia and drug trafficking.

There is no general obligation to store the content of all emails, but providers can be ordered to keep the specific correspondence of a suspect (preservation) and forward it to a special new crime-investigating unit.

Internet service providers have resisted the new legislation, pointing at the high costs of storage and selection software. However, the new legislation hasn't fully satisfied law enforcement officers either. Before this law was introduced, there were no restrictions on the type of data a judge could order an ISP to hand-over. "The politicians weren't very pragmatic," said Nicolas Cruchet, an investigating judge in canton Vaud. "These restrictions undermine the value of the law."

Sunrise, Switzerland's second-biggest ISP, estimated that complying with the legislation would cost the company around 1 million Swiss Francs (673,000 Euro). Some smaller ISPs have threatened to pass the extra costs on to their customers. Company and university servers are not covered by the new rules; nor are cybercafes.

A confidential document about the technical requirements of wiretapping in Switzerland (02.04.2002) can be found at:

Contribution by Felix Rauch, Swiss Internet User Group (SIUG).

================================================================== 5. DANISH COMMITTEE ON CITIZENS IT-RIGHTS ==================================================================

The Danish ministry of science and technology has mandated a committee on citizens IT-rights. The committee has representatives from various ministries, consumer organisations, the IT-business sector and civil society. EDRi-member Digital Rights has participated in the committee since it started its work in September 2002. The aim of the committee is to give recommendations to areas where existing laws and practices in Denmark may hinder citizen's enjoyment of their IT-rights. Areas under scrutiny include: citizen's communication with the public sector, privacy and registration, freedom of expression and access to information. The fiercest debates within the committee were about data retention (obligatory in Denmark for the period of 1 year), access to public information and ISP self-regulation. The recommendations are expected to be finalised by May/June 2003.

Information is available at (in Danish)

or through committee member Rikke Frank Jørgensen from Digital Rights <>.

================================================================== 6. AUSTRIA LOOSES COURT CASE ABOUT SURVEILLANCE COSTS ==================================================================

Telecommunication companies in Austria have won an important court case against the federal government. Though in general the wiretapping provisions in the new Telecommunications Law were not deemed unconstitutional, from 2004 onwards, government will have to reimburse providers for the costs of procuring and maintaining surveillance equipment.

Full verdict in German (27.02.2003)

================================================================== 7. RECOMMENDED READING: EPIC AND PI 2002 REPORT ON PRIVACY ==================================================================

Each year, Privacy International and the Electronic Privacy Information Center review the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.

Specifically, the 2002 edition of Privacy and Human Rights examines the impact of government proposals after 11 September 2001 on privacy and civil liberties. The report documents many new anti-terrorism and security measures and identifies key trends including increased communications surveillance, weakening of data protection regimes, and increased profiling and identification of individuals.

The book can be ordered via the EPIC bookstore for USD 25

================================================================== 8. AGENDA ==================================================================

6-7 May 2003 Padova, Italy - Information Society Visions and Governance Contact for information: Claudia Padovani <>.

8 May 2003, Brussels, Belgium - European Parliament hearing on Software Patents Small and medium enterprises are requested to register and attend

8-9 May 2003, Namur, Belgium - Collecting and Producing Electronic Evidence in Cybercrime Cases 2-day workshop organised by the University of Namur

30 June - 2 July 2003 St. Petersburg, Russia - Building the Information Commonwealth

7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003

================================================================== 9. ABOUT ==================================================================

EDRI-gram is a bi-weekly newsletter from European Digital Rights, an association of privacy and civil rights organisations in Europe. Currently EDRI has 10 members from 7 European countries. EDRI takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <>

Information about EDRI and its members:

- EDRI-gram subscription information

subscribe/unsubscribe web interface

subscribe by email To: Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Spanish

EDRI-gram is also available in Spanish, usually 3 days after the English edition. The contents are the same. Translations are provided by David Casacuberta, secretary of the Spanish chapter of Computer Professionals for Social Responsibility (CPSR).

To subscribe to the Spanish language EDRI-gram, please visit

or subscribe by email:

To: Subject: subscribe

- Newsletter archive

Back issues are available at:

- Help

Please ask if you have any problems with subscribing or unsubscribing.

================================================================== Publication of this newsletter is made possible by a grant from the Open Society Institute (OSI). ==================================================================

------- End of forwarded message -------