B.I.S.S. Forums > EDRI-gram newsletter - Number 6.4, 27 February 2008

Full Version: EDRI-gram newsletter - Number 6.4, 27 February 2008

B.I.S.S. Forums > Internet Security Forum > The Privacy / Rights Project

Sabu75

Mar 4 2008, 02:01 PM

============================================================

EDRI-gram

biweekly newsletter about digital civil rights in Europe

Number 6.4, 27 February 2008

============================================================
Contents
============================================================

1. Extension of the copyright term for performers proposed to the EC
2. Germany: New basic right to privacy of computer systems
3. EC Draft Recommendation on RFID Privacy and Security published
4. MEP pressures for criminalizing copyright infringements
5. French Police extends the Internet blacklist
6. Romanian Govt adopts Data retention law, but calls it inefficient
7. Legislation against Internet filesharing in UK
8. Note2be.com under investigation by CNIL
9. ENDitorial: Finnish web censorship
10. Recommended Reading
11. Agenda
12. About

============================================================
1. Extension of the copyright term for performers proposed to the EC
============================================================

On 14 February 2008, EU Internal Market Commissioner Charlie McCreevy
announced his intention to propose to the European Commission (EC), in the
next several months, an extension of the copyright term for performers from
50 to 95 years. This proposal should be ready for adoption by the Commission
before the summer break of 2008.

As a justification to his action, Commissioner McCreevy stated: "I strongly
believe that copyright protection for Europe's performers represents a moral
right to control the use of their work and earn a living from their
performances. I have not seen a convincing reason why a composer of music
should benefit from a term of copyright which extends to the composer's life
and 70 years beyond, while the performer should only enjoy 50 years, often
not even covering his lifetime It is the performer who gives life to the
composition and while most of us have no idea who wrote our favourite song -
we can usually name the performer."

The Commissioner also believes the extension would have no negative impact
upon the consumer prices as studies show that the price of sound recordings
that are out of copyright is not necessarily lower than the ones under
copyright and no negative impact upon Europe's external trade balance as
most of the additional revenues collected during the extended term would
remain in Europe for European performers.

The same proposal was made in UK in May 2007 as a result of the lobby made
by some artists such as Cliff Richard and Roger Daltry (from the Who) to the
UK Government. However, in July 2007, the UK Government took the decision to
reject the proposal.

The Recast study of the Dutch Institute for Information Law, commissioned by
the European Commission and issued in November 2007, dealt
with the topic and its conclusions were unfavourable to an extension of the
copyright term for performers.

"Overall one can say that a term extension would indeed benefit those
performing artists that are still popular after 50 years and still receive
payments from collecting societies and/or participate in the revenues from
the sales of their recordings - providing they have not signed away their
rights against a single fee (...) the share of recordings that are still
commercially valuable after 50 years makes up for only a small part of the
overall repertoire. Benefits from a term extension would therefore only
accrue to a limited share of performing artists. For the larger part of
performers that do not derive substantial revenues after 50 years, a term
extension could -depending on the contractual setting- prevent their
recordings from either being commercially exploited by a secondary party or
by themselves; or from becoming accessible to the general public" reads the
report.

The report concludes that: "The authors of this study are not convinced by
the arguments made in favour of a term extension. The term of protection
currently laid down in the Term Directive (50 years from fixation or other
triggering event) is already well above the minimum standard of the Rome
Convention (20 years), and substantially longer than the terms that
previously existed in many Member States. (...) Perceived from an
international perspective the American terms are anomalous and cannot serve
as a legal justification for extending the terms of related rights in the
EU."

In August 2007, the EDRi-member Open Rights Group also published a very
strong opinion against the extension of the copyright term explaining that
the extension of the term would "discourage innovation, stunt the reissues
market, and irrevocably damage future artists' and the general public's
access to their cultural heritage". In the Group's opinion, the ones to
benefit from the term extension would certainly not be "the vast majority
of recording artists (...) Because artists generally do not receive any
royalty payments until the record label has covered the cost of production
and promotion, this means that 80% of recording artists receive no royalties
from their records. Their only income from recording is the non-refundable
advance against royalties paid to them by the label so that they can survive
whilst working on their album (...) royalty rates are set by the recording
company and agreed in binding contracts which usually include pages of
restrictions on how the artist can earn money (...) Like any business,
record companies are trying to maximise their income."

Gowers Review also recommended the rejection of the proposal on the basis of
a study carried out by a specialist team at the University of Cambridge
which found only a weak economic increase as a result of the extension of
the term (a 2% gain in the industry revenues) with increased costs imposed
on the wider economy and society.

Performing artists - no longer be the 'poor cousins' of the music business
(14.02.2008)
http://europa.eu/rapid/pressReleasesAction...rence=IP/08/240

EU commissioner: Let's extend music copyrights to 95 years. Ars: 50 years is
plenty (14.02.2008)
http://arstechnica.com/news.ars/post/20080...-is-plenty.html

EU proposes to allow artists to collect royalties for 95 years (15.02.2008)
http://euobserver.com/9/25669

Longer Copyright Terms and Poor Performing Artists (15.02.2008)
http://www.jorisvanhoboken.nl/?p=131

Release the Music - Should the term of copyright protection for sound
recordings be extended? (08.2007)
http://www.openrightsgroup.org/uploads/rel...music_aug07.pdf

============================================================
2. Germany: New basic right to privacy of computer systems
============================================================

The German Constitutional Court published on 27 February 2008 a landmark
ruling about the constitutionality of secret online searches of computers by
government agencies. The decision constitutes a new "basic right to the
confidentiality and integrity of information-technological systems" as
derived from the German Constitution.

The journalist and privacy activist Bettina Winsemann, the politician
Fabian Brettel (Left Party), the lawyer and former federal minister for
the interior Gerhart Baum (Liberal Party), and the lawyers Julius Reiter
and Peter Schantz had challenged the constitutionality of a December 2006
amendmend to the law about the domestic intelligence service of the
federal state of North-Rhine Westphalia. The amendmend had introduced a
right for the intelligence service to "covertly observe and otherwise
reconnoitre the Internet, especially the covert participation in its
communication devices and the search for these, as well as the clandestine
access to information-technological systems among others by technical
means" (paragraph 5, number 11). Parts of the challenges also addressed
other amendmends which are not covered here.

The decision of today is widely considered a landmark ruling, because it
constitutes a new "basic right to the confidentiality and integrity of
information-technological systems" as part of the general personality
rights in the German constitution. The reasoning goes: "From the relevance
of the use of information-technological systems for the expression of
personality (Persönlichkeitsentfaltung) and from the dangers for
personality that are connected to this use follows a need for protection
that is significant for basic rights. The individual is depending upon the
state respecting the justifiable expectations for the integrity and
confidentiality of such systems with a view to the unrestricted expression
of personality." (margin number 181). The decision complements earlier
landmark privacy rulings by the Constitutional Court that had introduced
the "right to informational self-determination" (1983) and the right to
the "absolute protection of the core area of the private conduct of life"
(2004).

Information-technical systems that are protected under the new basic right
are all systems that "alone or in their technical interconnectedness can
contain personal data of the affected person in a scope and multiplicity
such that access to the system makes it possible to get insight into
relevant parts of the conduct of life of a person or even gather a
meaningful picture of the personality." (margin number 203). This includes
laptops, PDAs and mobile phones.

The decision also gives very strict exceptions for breaking this basic
right. Only if there are "factual indications for a concrete danger" in a
specific case for the life, body and freedom of persons or for the
foundations of the state or the existence of humans, government agencies
may use these measures after approval by a judge. They do not, however,
need a sufficient probability that the danger will materialize in the near
future. Online searches can therefore not be used for normal criminal
investigations or general intelligence work.

If these rare conditions are met, secret online searches may only be used
if there are steps taken to protect the core area of the private conduct
of life, which includes communication and information about inner feelings
or deep relationships. These protections have to include technical
measures that aim at avoiding the collection of data from this core area.
The Court goes on: "If there are concrete indications in the specific case
that a certain measure for gathering data will touch the core area of the
conduct of private life, it has to remain principally undone." If data
from this core area is accidentially collected, it must be deleted
immediately and can not be used or forwarded in any case.

Reactions to the decision were mixed. The opposition parties and many
civil liberties groups acclaimed the birth of the new basic right with
constitutional status and the high hurdles for any future use of
governmental spyware. Others, among them many bloggers, were sceptical
about the exeption clauses and how far they can be stretched by the
government in future legislation and practice.

Secret online searches of personal hard drives and other storage media had
been subject to intense political debate in Germany over the last year
after the federal government had to admit it had already tried online
searches for criminal investigations without legal grounds and was stopped
by the Federal High Court. The federal government as well as several
states plan to enact similar possibilities for their intelligence and law
enforcement agencies, while the opposition parties and parts of the ruling
Social Democrats are strictly against it. Privacy activists have called
the plan "Federal Trojan" ("Bundestrojaner"). A real-life sized model of a
trojan horse in Germany's national colors which was built by activists
from EDRi member Chaos Computer Club (CCC) and used at several protest
marches will soon be exhibited in the Museum of German History in Bonn.

Federal Minister for the Interior Wolfgang Schäuble (Christian Democrats)
said he expects that the coalition will soon agree on a bill to give the
Federal Criminal Agency (BKA) the legal possibility to use online searches
in the fight against international terrorism. Privacy advocates pointed
out that Schäuble now at least has to stick to a very narrow definition of
fighting terrorist dangers and can not use this as a disguise for
introducing general and far-reaching surveillance of personal computer
systems.

Constitutional Court Press Release (only in German, 27.02.2008)
http://www.bverfg.de/pressemitteilungen/bvg08-022.html

Constitutional Court Decision (BVerfG, 1 BvR 370/07), (only in German,
27.02.2008)
http://www.bverfg.de/entscheidungen/rs2008...1bvr037007.html

Video from the announcing the decision:
http://video.google.com/videoplay?docid=86...82383&hl=en

Comprehensive press and background coverage (only in German)
http://netzpolitik.org/2008/neues-grundrec...ationssystemen/

Germany's Highest Court Restricts Internet Surveillance (27.02.2008)
http://www.dw-world.de/dw/article/0,2144,3152627,00.html

The most spied upon people in Europe (27.02.2008)
http://news.bbc.co.uk/1/hi/world/europe/7265212.stm

(Contribution by Ralf Bendrath - EDRi member Netzwerk Neue Medien)

============================================================
3. EC Draft Recommendation on RFID Privacy and Security published
============================================================

The European Commission published the Draft Recommendation on RFID Privacy
and Security on the Your Voice in Europe-Platform for public consultation.

After a public consultation on RFID Privacy Issues in 2006, some conferences
and workshops and various discussions on the topic within the RFID Expert
Group, this publication finally represents the measures that the Commission
recommends to the member states and stakeholders, in order to achieve a high
level of privacy and data protection in the context of RFID applications.

EDRi welcomes this Draft Recommendation, which contains various important
measures, like the recommendation that RFID reading areas as well as RFID
tagged object should be marked with a clear sign indicating the presence of
RFID tags or readers. Also the recommendation to conduct a Privacy Impact
Assessment before the deployment of RFID applications and to provide
information on the policy governing the use of this particular application
are important measures to inform individuals of the presence and the purpose
of a given RFID application.

Regarding RFID use in the retail environment, the Commission addresses two
scenarios:

a.When a RFID application processes personal data or when it is likely that
personal data will be created, the retailer should deactivate the tag unless
the consumer requests otherwise.

b.When the application does not process personal data and it is unlikely
that personal data will be generated through the application, the retailer
must only provide facilities to deactivate or remove the tag.

As already expressed in our contributions to the RFID Expert Group, EDRi
strongly asks for an opt-in regime unless there are sufficient mechanisms in
place to grant the individual full control over the RFID tags in his or her
possession and the data stored on them.

The problems with the two retail-scenarios differentiated by the Commission
are, that on the one hand the privacy risks not only stem from the RFID
application in question but from the unique identifier stored on the tag as
well as from the fact that this identifier can be utilised by any RFID
application looking for a unique identifier for a person. This problem will
not necessarily show up in the privacy risk assessment conducted for the
RFID application in question.

On the other hand, experience shows that industry representatives and
application operators often have problems with identifying privacy and data
protection threats. Especially the concept of personal data is often not
properly understood. Therefore it is not unlikely that application operators
will not recognize privacy and data protection problems and leave the
consumers with the burden to ask for deactivation or removal of the tags.

EDRi will therefore continue to argue for the implementation of binding
policy requiring the deactivation or removal of RFID tags unless sufficient
technical measures are in place to give individuals full control over the
RFID tags in their possession.

The discussion on RFID, privacy and security will certainly continue, not
only in the RFID Expert Group, but also amongst the public and the
stakeholders. But not only discussions, also improvements are requested, as
the Commission clearly states that it will evaluate the implementation of
the Recommendation in three years time, in particular with a focus on
systems "providing automatic deactivation at the point of sale on all items
except where consumers specifically opted in to the RFID application."

For now, it is important that the general public provides the Commission
with its opinions on the Draft Recommendation. Both approval and
criticism are equally welcome.

Draft Recommendation on the implementation of privacy, data protection and
information security principles in applications supported by Radio Frequency
Identification (RFID): your opinion matters!
http://ec.europa.eu/yourvoice/ipm/forms/di...ch?form=RFIDRec

RFID and Informed Consent - Using and removing of RFID functionality
(5.12.2007)
http://www.edri.org/edrigram/number5.23/rf...nformed-consent

European Data Protection Supervisor's opinion on RFID (16.01.2008)
http://www.edri.org/edrigram/number6.1/edps-opinion-rfid

Article 29 Working Party: Opinion no. 4/2007 on the concept of personal data
(20.06.2007)
http://ec.europa.eu/justice_home/fsj/priva...07/wp136_en.pdf

(contribution from Andreas Krish - EDRI-member VIBE! - Austria)

============================================================
4. MEP pressures for criminalizing copyright infringements
============================================================

Nicola Zingaretti, Socialist Member of the European Parliament (MEP) asked
the EU member states to speed up the plan to criminalise copyright
infringement that was first proposed in 2005 and agreed upon in 2007. The
implementation of the EU Intellectual Property Rights Enforcement Directive
(IPRED2) creating new rules on copyright protection would require the Member
States to pass laws that would penalise the infringement of intellectual
property rights.

At the beginning of February, Nicola Zingaretti, who was in charge of the
adoption of the new rules and a supporter of IPRED2, sent a letter to the
European Council asking member states to take "urgent action" to address the
"increasingly systematic violation of copyright by some Internet users" and
to "provide a timeframe for discussion" of the directive which has in view
the criminalisation of offences ranging from illegal downloading to the sale
of counterfeit medicines.

The new directive would criminalise illegal downloading but only if done
with a commercial purpose or with a commercial profit. Zingaretti wanted to
emphasize that: "It is about punishing mafia-style criminals, not about
jailing kids who download music from the internet."

The matter has dragged for two years now as there has been certain
reluctance and opposition from several member states. The original
Commission proposal has been greatly criticized, being considered as
disproportional and failing to make adequate distinctions between legal
activities and commercial piracy enterprises and even common activities of
ordinary individuals. IPRED2 draft was amended by the European Parliament
but even so, it has raised concerns as key concepts and definitions are left
unacceptably vague. One reason of concern was the fact that a European
Parliament adopted amendment was not included in the final text that was
passed by the Parliament in April 2007.

Ante Wessels, an analyst of the Foundation for a Free Information
Infrastructure stated: "We have always warned that the definitions in this
criminal law are badly drafted. And indeed, now the directive has passed
parliament, the Rapporteur admits that the law is actually much broader than
he has always claimed it is. (...) The Commission proposal is
disproportional and the European Parliament left key concepts and
definitions unacceptably vague. On top of that, democratic procedure is
violated by leaving out an adopted amendment."

EU Parliament demands action on criminal IP penalties (21.02.2008)
http://www.out-law.com//default.aspx?page=8883

EU states urged to adopt tougher copyright protection rules (20.02.2008)
http://www.euractiv.com/en/infosociety/eu-...-170413?Ref=RSS

Parliamentary questions - Written Question by Nicola Zingaretti (PSE) to the
Council Subject: Criminal measures to enforce intellectual property rights
(5.02.2008)
http://www.europarl.europa.eu/sides/getDoc...amp;language=EN

EP Rapporteur wants to crack down on internet users (19.02.2008)
http://press.ffii.org/Press_releases/EP_Ra..._internet_users

EDRi-gram: IPRED2 voted in first reading by the European Parliament
(25.04.2007)
http://www.edri.org/edrigram/number5.8/ipred2

============================================================
5. French Police extends the Internet blacklist
============================================================

French Internal Affairs Minister, Michèle Alliot-Marie, announced on 14
February 2008 new measures to fight against cybercrime, including extending
the websites blacklist and pushing for computer online investigations,
without the permission of the country of the hosting company.

The Minister visited the Cybercrime Brigade that is located in Nanntere and
announced a new "best practices chart" with the operators in order to block
websites. According to the statements, the Norwegian model was taken into
consideration, meaning the creation of a list with websites not only with
child pornography information, but also the ones with information on making
explosives or chemical weapons, terrorist propaganda and racial hate speech.

The way the authorities will work with the ISPs is not clear yet, because
these ones don't seem too happy to make pages inaccessible by Internet
users. The Minister talks about a "constructive dialogue", but the ISP will
be asked to automatically block the access to a certain webpage when the
Police is notifying them.

The French authorities admit that the task will not be an easy one, since
most of the problematic websites are hosted out of the French border. Thus,
out of the last year complaints, only 308 were referring to websites hosted
in France, meanwhile 1552 referred to pages abroad.

The Minister has tried to explain that the new measures are not Big
Brother-type surveillance methods, but that all is about "protecting
Internet users".

Another measure planned by the Minister is a European platform for
exchanging information related to cybercrime, within the Europol. She plans
to take advantage of the French Presidency of the European Union from July
to December 2008 to suggest the creation of an international cooperation in
order to allow "distance online searches of computer systems, without a
prior authorisation from the country where the server is hosted."

Other ideas include usage of geo-localization in a case brought in front of
justice and identifying users via the payment methods to buy illegal
services.

All these new ideas will be included in a draft law that will modify the law
regarding internal security, that the Minister will present during this
Spring.

Fight against Cybercrime: Michèle Alliot-Marie presents her plan
(only in French, 15.02.2008)
http://www.vnunet.fr/fr/news/2008/02/15/lu...egaine_son_plan

Fight against crime on the Internet (only in French, 12.02.2008)
http://www.lefigaro.fr/actualites/2008/02/...surinternet.php

Police gets tools for tracking illegal websites (only in French, 15.02.2008)
http://www.lemonde.fr/societe/article/2008...11842_3224.html

EDRi-gram: The French Ministry of Interior has a new interception platform
(6.07.2007)
http://www.edri.org/edrigram/number5.11/fr...-interceptation

============================================================
6. Romanian Govt adopts Data retention law, but calls it inefficient
============================================================

The Romanian Government adopted on 20 February 2007 the draft law on
data retention, but despite the official press release that praises the new
measure, several officials have complained about the lack of reality of the
legal text.

The draft law was adopted by the Government at about one year after the
Ministry of Information Technology and Communication (MCTI) presented the
first draft, with no major changes in the text. This means that the
Government has changed its previous intention to adopt the text as an
Emergency Ordinance.

The data should be retained for one year. The obligation to retain the data
is only for electronic communication operators, thus excluding information
society service providers. The retained data can be accessed by prosecutors
only in the penal cases related to organized crime and terrorism crimes and
with a proper specific judge-approved access authorization. The intentional
access to the data without a proper authorization is a crime punished with
prison from 6 months to 2 years.

Unfortunately, the text of the draft law still preserves the confusion
regarding the access of the security services to the retained data. Thus,
Article 20 foresees that for preventing and fighting against "threats to the
national security", the data can be accessed by the "state institutions with
attributions in this area" under the conditions established by the "laws on
national security." This very broad terminology raises significant question
marks on the practical application of the text and possible abuses.

The official press release of the MCTI praises the adoption by Romania of
the "European standards" on data retention. But the optimistic
tone is contradicted by the person in the Ministry in charge with writing
the law, State Secretary Constantin Teodorescu, who declared to the Money
Channel that obtaining the data for emails will not increase the chances of
discovering the crimes: "The EU requests are exaggerated!".

He also explained that the issue can't be solved for email addresses hosted
on foreign web servers and confirmed that the text "is a 100% translation of
the European Directive." He also stated that a possible solution will be to
convince the EU Commissioner Viviane Reading that the draft law will not
work: "The solution should be that the Internet providers come together with
the Ministry and explain to the Commisioner the technical point of view that
these are measures not easy to fullfil and they leave huge gaps."

The President of the Romanian ISP Association, Mihai Batrineanu, considers
the measure regarding the email as useless: "The request is just infantile.
If someone wants to do a bad thing, he will not send emails from his
personal address" and he also complained about the additional costs
required for ISPs to implement the measures.

According to the draft, the Internet-related data will be kept only starting
with 15 March 2009. The Government adopted text will now be sent to the
Parliament for debates.

Draft Law on data retention (only in Romanian)
http://www.mcti.ro/index.php?id=16&lege=412

Retaining technical data on email - inefficient and redundent measure
(only in Romanian, 22.02.2008)
http://www.cotidianul.ro/index.php?id=57&a...Hash=c940f74602

Romania aligns to European standards for data retention for
fixed and mobile telephony and ISP (only in Romanian, 20.02.2008)
http://www.mcti.ro/index.php?id=1&art=620&L=0

EDRI-gram: First draft on data retention law in Romania (9.04.2007)
http://www.edri.org/edrigram/number5.9/dat...tention-romania

============================================================
7. Legislation against Internet filesharing in UK
============================================================

The UK Government intends to introduce legislation that will force ISPs to
disconnect theirs customers that illegally download music or films.

Andy Burnham, the culture secretary, told the Financial Times "the
government has no burning desire to legislate", but he announced a change of
tone from the Government. A document called "Creative Britain: New Talents
for the New Economy" commits the government to a consultation on anti-piracy
legislation this Spring. The legislation could be implemented by April 2009.

The draft consultation which suggests that ISPs would be required to take
action against illegal filesharers is aimed at dealing with the estimated 6
million UK Internet users that illegally download files every year.

The paper apparently suggests a "three-strikes" regime. "Users suspected of
wrongly downloading films or music will receive a warning e-mail for the
first offence, a suspension for the second infringement and the termination
of their Internet contract if caught a third time, under the most likely
option to emerge from discussions about the new law." It also proposes the
prosecution of the companies that will not observe this procedure. The
information was however denied by Mr. Burnham.

The Internet Service Provider's Association (ISPA) believes that it
would be difficult to create the appropriate legislation and stated ISPs
were already considering self-regulation. Some of the UK's biggest Internet
Providers, such as BT, Virgin and Tiscali have had discussions with the
entertainment industry on the introduction of a voluntary scheme for illegal
downloading activities, but no agreement has been reached yet.

EDRI-member Open Rights Group points out that the proposals are
disproportionate and meant to fail as unrealistic. Filesharers will simply
find methods to cover their identities using encryption and software will be
created to help non-technical users to do the same thing. Besides, the
measures will not help artists and will upset instead their fans.

The new proposed legislation could also raise problems in terms of the
European laws on online privacy. ISPA believes data protection laws would
prevent providers from checking on the content of information sent over
their networks. "ISPs are no more able to inspect and filter every single
packet passing across their network than the Post Office is able to open
every envelope," said the association.

Government to ban illegal filesharers from the internet? (12.02.2008)
http://www.openrightsgroup.org/2008/02/12/...m-the-internet/

Illegal downloaders 'face UK ban' (12.02.2008)
http://news.bbc.co.uk/2/hi/business/7240234.stm

ISPs could face piracy sanctions (22.02.2008)
http://news.bbc.co.uk/2/hi/technology/7258437.stm

DCMS - Unlocking Talent (22.02.2008)
http://www.culture.gov.uk/NR/rdonlyres/096.../CEPFeb2008.pdf

=============================================================
8. Note2be.com under investigation by CNIL
============================================================

Following several complaints and notifications, the French Data Protection
Authority (Commission Nationale de l'Informatique et des Libertés - CNIL) is
investigating Note2be.com website created in January 2008 that was proposing
pupils to grade and evaluate their teachers.

The site encouraged pupils the give the name of the teachers they graded,
the name of the school and the teacher's subject. On 13 February, three CNIL
representatives made an emergency check out of the locations of
the site webmasters.

The site has raised the anger of both the teacher's union as well as that of
the pupils' parents. "This site is the antithesis of education and
citizenship because it is based on tattling, denigration and disrespect"
wrote FCPE (Federation of the Councils of Parents with Children in Public
Schools).

Xavier Darcos, the Ministry of Education has also criticized the site
emphasizing the fact that the teachers' evaluation is exclusively made by
the national education system.

The SNALC-CSEN (The National Union of High Schools and Colleges) has started
a procedure that offers those who find their names on the respective site
three different possible means of action: to use the right to response, the
right to ask for the deletion of any information related to them and the
right to access all information on them, posted on the respective site. The
union also offers models of documents that can be used for the respective
actions and gives information on how to proceed in case there is no
compliance from the site.

CNIL is presently investigating the site to verify whether there has been
any infringement of the law and advised it would give its conclusions on 6
March 2008.

The Cnil and National Education condemn Note2be.com practices (only in
French, 15.02.2008)
http://www.zdnet.fr/actualites/internet/0,...39378641,00.htm

Note2be.com, the teachers' grading site, controlled yesterday by the CNIL
(only in French, 14.02.2008)
http://www.cnil.fr/index.php?id=2394&news[uid]=520&cHash=c012d6c702

Note2be, informatics and freedom (only in French, 10.02.2008)
http://contrenote2be.unblog.fr/2008/02/10/...que-et-liberte/

============================================================
9. ENDitorial: Finnish web censorship
============================================================

As of 1 January 2007 a law took effect in Finland allowing the Police to
maintain a secret blacklist of child water sites and distribute it to ISPs so
that these may block access to those sites. Use of the lists is ostensibly
voluntary to ISPs, but there have been rather strong hints of making it
mandatory if not adopted otherwise. After a slow start, Police actually
started distributing the list late last year and several ISPs have began
using them.

In February 2008, the police added the site lapsiporno.info to the
blacklist. Despite the name (Lapsiporno means "child water" in Finnish), the
website contains no child or any other kind of water, but criticism of
censorship and a partial collection of addresses from the officially secret
list.

Publishing the list was apparently what made the police blacklist it. The
point of the published list, however, was to demonstrate that not all
blocked sites were child water ones and there, it has succeeded beyond
expectations.

Several people have gone through the list of over 1000 addresses and have
concluded that the numbers of actual child water sites are no more than 10,
with some 30 or so borderline cases. Most of the sites contained legal
sexual content, while some had no apparent connection with happy time at all, like
a violin shop in Japan and a memorial of Thailand's late princess. Even one
search engine was blocked.

After a public outcry, the police stated they woudn't explain the
justification of blocking any individual site, but suggested that the
collection of links to the banned sites could be construed as a "portal" to
them, and summoned Matti Nikki for questioning, under suspicion of aiding
the distribution of child water. No charges have been made as of now.

Meanwhile, there have been several complaints about the legitimacy of the
law and the legality of the Police action to the Parliamentary Ombudsman and
to the Chancellor of Justice, among others by EDRi-member Electronic
Frontier Finland, arguing, inter alia, that the law is against the
constitution, the police interpretation of it is arbitrary and the law
wouldn't achieve its stated purpose even if effectively implemented.

The minister of communications, Ms. Suvi Lindén, defended the law in public
in a way that suggested she completely failed to understand the point of the
criticism, even hinting she'd want to make filtering mandatory to ISPs.
Subsequently, a Internet petition was started demanding her resignation,
which until now it has attracted almost 12000 signatures (for the sake of
comparison, she was elected to the Parliament with just 4131 votes).

Otherwise, only one parliamentarian, Mr. Jyrki Kasvi, has spoken against the
censorship - others have made no public statements whatsoever. Finnish
politicians have clearly been taken by surprise.

There have been talks about "crisis of democracy" in Finland due to the
decreasing voter turnout. Perhaps there is a crisis but rather due to
government actions eroding people's freedoms. That people are rising to
defend freedom of speech even in such a controversial context suggests
democracy isn't dead here yet.

Finish Internet Censorship List
http://lapsiporno.info/suodatuslista/?lang=en

Recent developments in the Finnish Internet censorship system. The Finnish
police censors much more than was originally intended (18.02.2008)
http://www.effi.org/blog/kai-2008-02-18.html

(Contribution by Tapani Tarvainen - EDRi-member Electronic Frontier
Finland)

============================================================
10. Recommended Reading
============================================================

Article 29 Working Party changes its president
http://ec.europa.eu/justice_home/fsj/priva...19_02_08_en.pdf

============================================================
11. Agenda
============================================================

10-12 March 2008, Geneva, Switzerland
WIPO Standing Committee on Copyright and Related Rights: Sixteenth Session
http://www.wipo.int/meetings/en/details.jsp?meeting_id=14502

15 March 2008, London, UK
OKCon 2008 - Open Knowledge: Applications, Tools and Services
http://www.okfn.org/okcon/

19 March 2008, London, UK
Musicians, fans and online copyright
http://www.eventbrite.com/event/98391291

2-4 April 2008, Berlin, Germany
re:publica - The Critical Mass
http://www.re-publica.de

10-12 April 2008, Amsterdam & Hilversum, Netherlands
Economies of the Commons - Strategies for Sustainable Access and Creative
Reuse of Images and Sounds Online
International Working Conference
http://www.ecommons.eu

28-29 April 2008, Vienna, Austria
PRISE Final Conference -Towards privacy enhancing security technologies -
the next steps
http://www.prise.oeaw.ac.at/conference.htm

9-10 May 2008, Florence, Italy
"Digital communities and data retention"
Deadline for papers submission is 31 March 2008
http://e-privacy.winstonsmith.info/

15-17 May 2008, Ljubljana, Slovenia
EURAM Conference 2008 - Track "Creating Value Through Digital Commons"
How collective management of IPRs, open innovation models, and digital
communities shape the industrial dynamics in the XXI century.
http://www.euram2008.org

30-31 May 2008, Bucharest, Romania
eLiberatica 2008 - The benefits of Open and Free Technologies
http://www.eliberatica.ro/2008/

17-18 June 2008, Seoul, Korea
The Future of the Internet Economy - OECD Ministerial Meeting
http://www.oecd.org/FutureInternet

23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/

19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference
Civil Rights in Mediatized Societies: Which data privacy against whom and
how ?
Deadline for papers submission is 1 April 2008
http://www.iamcr.org/content/view/301/1/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/Wiki/view.aspx/A2K3_Announcements

============================================================
12. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram@edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request@edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request@edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

Sabu

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.