[wilhelmtux-discussion] Free Software in Bulgaria, Swiss ISPs to store mail logs (ERDRI-Gram)

Robert Ribnitz ribnitz at linuxbourg.ch
Don Apr 10 12:28:16 CEST 2003


----- Forwarded message from EDRI-gram newsletter <edrigram at edri.org> -----

Envelope-to: ribnitz at linuxbourg.ch
Delivery-date: Wed, 09 Apr 2003 20:01:45 +0200
To: edri-news at edri.org
From: EDRI-gram newsletter <edrigram at edri.org>
X-MIME-Autoconverted: from quoted-printable to 8bit by quintessenz.at id
	h39HXSSd003855
X-Mailman-Approved-At: Wed, 09 Apr 2003 19:38:25 +0200
X-BeenThere: edri-news at edri.org
X-Mailman-Version: 2.1.1
List-Id: <edri-news.edri.org>
List-Help: <mailto:edri-news-request at edri.org?subject=help>
List-Post: <mailto:edri-news at edri.org>
List-Subscribe: <http://www.edri.org/cgi-bin/mailman/listinfo/edri-news>,
	<mailto:edri-news-request at edri.org?subject=subscribe>
List-Archive: <http://quizzebox.quintessenz.at/pipermail/edri-news>
List-Unsubscribe: <http://www.edri.org/cgi-bin/mailman/listinfo/edri-news>,
	<mailto:edri-news-request at edri.org?subject=unsubscribe>
X-MIME-Autoconverted: from 8bit to quoted-printable by quintessenz.at id h39HcQSe003945
Subject: EDRI-gram - Number 6, 9 April 2003
X-Spam-Status: No, hits=0.9 required=5.0
	tests=MSG_ID_ADDED_BY_MTA_3,US_DOLLARS_3
	version=2.53
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-SA-Exim-Scanned: Yes


==================================================================

                            EDRI-gram

     bi-weekly newsletter about digital civil rights in Europe

                     Number 6, 9 April 2003

==================================================================
Contents
==================================================================

1. Stupid security measures in Europe
2. Draft law promotes free software in Bulgaria
3. New content restrictions in Germany
4. Swiss providers to keep email records for 6 months
5. Danish committee on citizens IT-rights
6. Austria looses court case about surveillance costs
7. Recommended reading: privacy policy
8. Agenda
9. About

==================================================================
1. STUPID SECURITY MEASURES IN EUROPE
==================================================================

During last weeks CFP conference (Computer Freedom Privacy) in New York, 
Simon Davies from UK EDRi-member Privacy International announced the 
winners of the Stupid Security Awards. The jury received some 5.000 
nominations from 35 different countries. Though most of the winners are 
American, Europe also produced some very noteworthy stupid security 
measures. UK mobile phone company T-Mobile won a Most Annoyingly Stupid 
Award 'for pointless and idiotic financial security measure'. T-Mobile 
won't let anyone pay more than fifty pounds a month from a bank account, 
for unspecified 'security' reasons. Runner-Up for the Most Egregiously 
Stupid Award was Moscow Mayor Yury Luzhkov for the "Propiska" Identity 
Papers, while UK Heathrow Airport was selected the runner-up for the Most 
Inexplicably Stupid Award.

In Moscow both foreigners and citizens of Russia need a special permission 
to be in Moscow, a propiska-paper. According to the nomination, propiska 
was already invented in 1932 by Stalin, but reintroduced in 2002 as a 
measure against terrorism. The usual price is USD 1-3 for Russians and USD 
10 and more for others. To obtain it officially seems virtually impossible. 
"You need to fill out a lot of applications, collect many signatures and 
permissions. According to different sources you are responsible to get a 
registration in 3 or 10 days after arriving to Moscow. This is even 
theoretically impossible because registration department (pasportnyi stol) 
works only 2-3 hours a week and you have to wait hours and hours in a huge 
line. In addition, any official may refuse you without any explanation."

A passenger on Heathrow Airport was found to carry a box with loose leaf 
Chinese tea. Unfortunately, it was of a well known variety known as 
Gunpowder Tea, and had this printed on the packaging. It was decided that 
the tea was allowed, but the evil word "Gunpowder" was not. Consequently 
the security staff then rummaged around and found a plastic bag into which 
they decanted the fragrant tea leaves, and confiscated the cardboard 
packaging.

Other European stupid security measures include:

- The refusal of UK railways company Railtrack to provide litter bins on 
stations (a bomb could be hidden in there).
- Irish budget Airline Ryan Air accepting international student cards as 
photographic ID but refusing military ID-cards.
- The Danish Ferry-Company requiring fingerprint scans to board a boat from 
the island Bornholm to mainland Denmark.
- The French province of Pyrenees-Atlantiques allowing nightclubs and 
disco's with sufficient camera-supervision (CCTV) to stay open 1 hour longer.
- A Scuba diving club in Devon (UK) requiring a full security check from 
people interested in taking classes.
- An anonymous UK airline forbidding its pilots to carry nail clippers, 
while allowing for a huge fire-axe in every cabin.

Selected nominations in 5 categories (08.04.2003)
http://www.privacyinternational.org/activities/stupidsecurity/

Details about Moscow Propiska
http://www.nelegal.net/articles/index.html


==================================================================
2. DRAFT LAW PROMOTES FREE SOFTWARE IN BULGARIA
==================================================================

A draft law, currently discussed in parliament in Bulgaria, will oblige all 
governmental institutions to use free software and open formats with their 
computer information systems within 2 years. The law addresses all state 
bodies, mayors of municipalities and regions, higher schools, medical 
establishments, non-profit legal entities as well as other bodies and 
entities that receive governmental funding. A permit of exception from this 
obligation can only be procured on a case-by-case basis, if no free 
software is available for a specific purpose.

In the Bulgarian definition, free software must allow for:

- Unlimited use of the software for all purposes;
- Unlimited access to the source code;
- Comprehensive check of its mechanisms of operation;
- Use of internal mechanisms and of any arbitrary part of it, so that it 
can be adapted to the needs of the user;
- Production and public distribution of its copies;
- Modification and free distribution of changes as well as of the newly 
designed software under the same conditions as those of the original.

If adopted, the law would bring about a remarkable change of policy. Only a 
year ago, Minister of the State Administration Dimitar Kalchev triumphantly 
announced a new contract with Microsoft for the provision of software to 
the state administration. In total, in 3 years Bulgaria would have to pay 
USD 8,400,000 (EUR 7,862,245) to Microsoft.

Press release 'The contract with Microsoft is one of the most advantageous 
contracts sealed in the country' (14.06.2002)
http://www.government.bg/English/Priorities/Administration/2002-06-14/671.html

A copy of the draft law is available through Veni Markovski <veni at veni.com>.


==================================================================
3. NEW CONTENT RESTRICTIONS IN GERMANY
==================================================================

In Germany, new content restrictions were introduced for the protection of 
minors, extending current regulations and indexing schemes for film and 
video to internet and games. Since 1 April all kinds of ego shooters and 
electronic media "glorifying war" are banned. Furthermore, under the new 
regulation, all computer games must carry labels with minimum age 
requirements. The restrictions on computer games were speeded up after a 
youngster killed 18 people in his school in the city of Erfurt a year ago. 
The youngster was addicted to the game 'Doom', media reported.

Through the new additions on the Treaty on Human Rights & the Protection of 
Minors in Broadcasting and Telecommunication Media a new central commission 
decides on illegal and harmful media and Web content. Though the 
implications are not yet clear, the extension to web pages might mean 
filtering mechanisms will have to be introduced to prevent minors from 
accessing indexed web pages.

Based on a German article in Heise (03.04.2003)
http://www.heise.de/newsticker/data/jk-03.04.03-002/default.shtml

Available in English through
http://www.computeruser.com/news/03/04/03/news5.html


==================================================================
4. SWISS PROVIDERS TO KEEP EMAIL RECORDS FOR 6 MONTHS
==================================================================

Since 1 April, new legislation went into force that obliges Swiss Internet 
Service Providers (ISPs) to keep a 6 month email log file. That means they 
will have to store time, size and addresses of all emails sent by their 
customers (the SMTP envelope data). The authorities will be able to access 
these stored data with a search warrant only. Access is limited to a number 
of serious offences such as paedophilia and drug trafficking.

There is no general obligation to store the content of all emails, but 
providers can be ordered to keep the specific correspondence of a suspect 
(preservation) and forward it to a special new crime-investigating unit.

Internet service providers have resisted the new legislation, pointing at 
the high costs of storage and selection software. However, the new 
legislation hasn't fully satisfied law enforcement officers either. Before 
this law was introduced, there were no restrictions on the type of data a 
judge could order an ISP to hand-over. "The politicians weren't very 
pragmatic," said Nicolas Cruchet, an investigating judge in canton Vaud. 
"These restrictions undermine the value of the law."

Sunrise, Switzerland's second-biggest ISP, estimated that complying with 
the legislation would cost the company around 1 million Swiss Francs 
(673,000 Euro). Some smaller ISPs have threatened to pass the extra costs 
on to their customers. Company and university servers are not covered by 
the new rules; nor are cybercafes.

A confidential document about the technical requirements of wiretapping in 
Switzerland (02.04.2002) can be found at:
http://cryptome.org/ch-ilets-regs.htm

Contribution by Felix Rauch, Swiss Internet User Group (SIUG).


==================================================================
5. DANISH COMMITTEE ON CITIZENS IT-RIGHTS
==================================================================

The Danish ministry of science and technology has mandated a committee on 
citizens IT-rights. The committee has representatives from various 
ministries, consumer organisations, the IT-business sector and civil 
society. EDRi-member Digital Rights has participated in the committee since 
it started its work in September 2002. The aim of the committee is to give 
recommendations to areas where existing laws and practices in Denmark may 
hinder citizen's enjoyment of their IT-rights. Areas under scrutiny 
include: citizen's communication with the public sector, privacy and 
registration, freedom of expression and access to information. The fiercest 
debates within the committee were about data retention (obligatory in 
Denmark for the period of 1 year), access to public information and ISP 
self-regulation. The recommendations are expected to be finalised by 
May/June 2003.

Information is available at (in Danish)
http://www.vtu.dk/

or through committee member Rikke Frank J?rgensen from Digital Rights 
<rfj at digitalrights.dk>.

==================================================================
6. AUSTRIA LOOSES COURT CASE ABOUT SURVEILLANCE COSTS
==================================================================

Telecommunication companies in Austria have won an important court case 
against the federal government. Though in general the wiretapping 
provisions in the new Telecommunications Law were not deemed 
unconstitutional, from 2004 onwards, government will have to reimburse 
providers for the costs of procuring and maintaining surveillance equipment.

Full verdict in German (27.02.2003)
http://www.vfgh.gv.at/vfgh/presse/G37-16-02.pdf


==================================================================
7. RECOMMENDED READING: EPIC AND PI 2002 REPORT ON PRIVACY
==================================================================

Each year, Privacy International and the Electronic Privacy Information 
Center review the state of privacy in over fifty countries around the 
world. The survey examines a wide range of privacy issues including, data 
protection, telephone tapping, genetic databases, ID systems and freedom of 
information laws.

Specifically, the 2002 edition of Privacy and Human Rights examines the 
impact of government proposals after 11 September 2001 on privacy and civil 
liberties. The report documents many new anti-terrorism and security 
measures and identifies key trends including increased communications 
surveillance, weakening of data protection regimes, and increased profiling 
and identification of individuals.

The book can be ordered via the EPIC bookstore for USD 25
http://www.epic.org/bookstore/phr2002/

==================================================================
8. AGENDA
==================================================================

6-7 May 2003 Padova, Italy - Information Society Visions and Governance
Contact for information: Claudia Padovani <claudia.padovani at unipd.it>.

8 May 2003, Brussels, Belgium - European Parliament hearing on Software 
Patents
Small and medium enterprises are requested to register and attend
http://www.quintessenz.at/cgi-bin/index?funktion=view&id=000100002512

8-9 May 2003, Namur, Belgium - Collecting and Producing Electronic Evidence 
in Cybercrime Cases
2-day workshop organised by the University of Namur
http://www.ctose.org/info/events/workshop-8-9-may-2003.html

30 June - 2 July 2003 St. Petersburg, Russia - Building the Information 
Commonwealth
http://www.communities.org.ru/conference/

7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003
http://www.ccc.de/camp/


==================================================================
9. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European Digital Rights, an 
association of privacy and civil rights organisations in Europe. Currently 
EDRI has 10 members from 7 European countries. EDRI takes an active 
interest in developments in the EU accession countries and wants to share 
knowledge and awareness through the EDRI-grams. All contributions, 
suggestions for content or agenda-tips are most welcome.

Newsletter editor:
Sjoera Nas <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by email
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Spanish

EDRI-gram is also available in Spanish, usually 3 days after the English 
edition. The contents are the same. Translations are provided by David 
Casacuberta, secretary of the Spanish chapter of Computer Professionals for 
Social Responsibility (CPSR).

To subscribe to the Spanish language EDRI-gram, please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/

or subscribe by email:

To: edri-grama-request at edri.org
Subject: subscribe

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask info at edri.org if you have any problems with subscribing or 
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================



----- End forwarded message -----