Article published in EDRi-gram 9.2

European Digital Rights has published a study on the scale of measures being undertaken to outsource policing activities to private companies in the Internet environment and its significance for fundamental rights, transparency and openness on the Internet.

Internet intermediaries around the world are taking on more important roles in their states’ efforts to address the dissemination of illegal online content and this trend is likely to become stronger as we move into a new environment of “extra-judicial sanctions” against consumers. With some notable exceptions, these activities are being forced onto Internet intermediaries rather than being demanded by them.

The study found that the term “self-regulation” is being inappropriately used to describe what is not self-regulation at all, but the monitoring, policing and even punishing of alleged illegal activities of citizens. Proposed legislation and “non-binding guidelines” are forcing intermediaries into a position in which they can no longer avail themselves of legal protections – where they are obliged, in effect, to police private online communications, often in blatant disregard of legal safeguards and even to impose sanctions for alleged infringements.

Should Internet intermediaries become privatised enforcement systems? The measures recently taken by Visa, Mastercard, PayPal and EveryDNS against WikiLeaks are a case in point. Even without WikiLeaks being charged with any particular crime, private companies have acted unilaterally against it.

The devolved enforcement initiatives documented in the report aim to persuade industry to engage in a vigilante system of monitoring and sanctioning; the report catalogues current international proposals, which include:
- a series of ongoing “public-private dialogues” organised by the European Commission to encourage hosting providers to engage in extra-judicial rulings of illegality;
- a 2010 European Commission funding proposal incentivising companies to engage in “self-regulatory” Internet blocking of allegedly illegal online material;
- discussions launched by the Council of Europe’s Assembly in 2010 whose intention appears to be to increase the legal obligations of intermediaries, despite the fact that this would be “contrary both to the letter and the spirit of the 2003 Declaration on freedom of communication on the Internet”;
- 2010 OECD discussions, which aim to increase the responsibility of Internet intermediaries in advancing “public policy objectives”;
- the Anti-Counterfeiting Trade Agreement (ACTA) that contains provisions that would encourage or coerce ISPs into policing their networks and enforcing extra-judicial sanctions, where they deem it to be appropriate;
- an OSCE consultation in 2010, the aim of which was to explore ways to enable ISPs to “‘regulate’ online legal or illegal ‘hate speech’”‘;
- EU/India and EU/Korea bilateral free trade agreements that would change the EU acquis on intermediary liability.

The encouragement of extra-legal measures to limit access to information, proactive policing of the Internet and the exclusion of law enforcement authorities in investigating serious crimes are factors that contribute to the weakening of the rule of law and democracy. Indeed, by taking responsibility away from legal authorities, such measures can result in serious crime, such as the publication of child abuse material online, being addressed by industry through cosmetic measures (such as blocking) rather than proper investigation and prosecution.

While these appear to be regressive steps away from freedom, the study found, for instance, that the European Commission appears far from perturbed by the dangers for fundamental rights of this approach and appears keen to export the approach. This process is gradually strangling the openness that is at the core of the Internet. This openness has enhanced democracy, has shaken dictatorships and has boosted economies worldwide. This openness is what we will lose through privatised policing of the Internet by private companies – what will we gain?

EDRi report: The slide from “self-regulation” to corporate censorship (24.01.2011)
http://www.edri.org/files/EDRI_selfreg_final_20110124.pdf

Text of the press releas also available in:

German
http://www.edri.org/files/EDRi_pressemiteilung_deutsch.pdf

Swedish
http://www.edri.org/files/EDRi_pressmedel_svenska.pdf

French
http://www.edri.org/files/EDRi_communique_francaise.pdf

Hungarian
http://www.edri.org/files/magyar_sajtokozlemeny_EDRi_jelentes.pdf

Slovak:
http://www.soit.sk/sk/aktualne/oit-vo-svete/2011-01-26/106-nova-studia…

The special BONUS EDRi-gram has been prepared by EDRi members and observers as a present for all EDRi’s website visitors an EDRi supporters.

It contains information regarding the association European Digital Rights (EDRi), its Brussels Office and its newsletter.  As always, it is available under Creative Commons 3.0 BY licence.  It also gives you the opportunity, for the first time in 9 years (!!!), to send EDRi a Christmas present !

For more information about EDRi, please check our 2009-2010 activity report !

EDRi sends you all best wishes for the New Year and happy winter holidays!

This issue of EDRi-gram is also available in:
German
http://www.unwatched.org/node/2461
French
http://www.iris.sgdg.org/info-debat/bonus-edrigram.html
Danish
http://www.unwatched.org/node/2468
Macedonian
http://www.metamorphosis.org.mk/en/news/edri-gram/1837-bonus-izdanie-na-edri-gram
Albanian
http://www.metamorphosis.org.mk/sq/lajme/edri/1837-bonus-izdanie-na-edri-gram

Article published in EDRi-gram 8.24.
Free subscription !

In the case introduced by L’Oreal against auction site eBay and referred by the High Court of Justice (England and Wales) to the European Court of Justice (ECJ) the Advocate General, Niilo Jaaskinen, published on 9 December 2010 its opinion that the site could not be considered liable for trademark infringement committed by its users in case it was not expressly notified regarding such infringements.

However, in case electronic marketplaces, such as eBay, do not take measures to stop a trademark infringement when notified of it, they will no longer be except from liability: “Regarding the same user and the same trade mark an operator of an electronic marketplace has actual knowledge in a case where the same activity continues in the form of subsequent listings and can also be required to disable access to the information the user uploads in the future. In other words, exemption from liability does not apply in cases where the electronic marketplace operator has been notified of infringing use of a trade mark, and the same user continues or repeats the same infringement,” says the Advocate General.

In 2007, L’Oréal notified eBay of its concerns about the sale of its goods on eBay’s European websites and, dissatisfied with the site’s answer, brought a legal action against eBay in Belgium, Britain, France, Germany and Spain. L’Oreal claimed eBay was equally liable, together with its users, for potential brand infringements which included eBay users selling L’Oréal perfumes and cosmetics samples meant for free distribution, removing package boxes from perfumes and cosmetics before selling them via eBay or selling their products intended for markets outside of Europe. eBay argued the were just hosting the auctions and therefore not directly liable, according to the EU E-commerce directive.

In an earlier case this year dealing with the conflict between trademark infringement and contextual adevertising brought by a group of luxury goods companies in March 2010, the ECJ ruled that Google could continue selling advertisements linked to searches for brand names. Similarly, the Advocate General now believes eBay can continue to purchase keywords-based advertising in order to direct users of Internet search engines to its site (including L’Oréal trademarks) stating that “the use of the disputed trademarks as keywords by eBay does not necessarily result in misleading the consumers as to the origin of the goods offered.” Yet, he also expressed himself in favour of L’Oréal, stating the company can prohibit the selling of goods with the outer packaging removed if this is damaging for the company’s reputation or the function or quality of its products. Also, trade mark protection can be invoked where goods for sale on eBay haven’t been put on the market within the EU.

It seems both eBay and L’Oreal have received Jaaskinen’s opinion positively: “Despite the complexity of the issues and the preliminary nature of the advocate general’s opinion, we are encouraged that the ECJ’s final judgment will reinforce European consumers’ freedom to buy and sell authentic goods online,” stated Steve Milton, Director of Corporate Communications at eBay International.

L’Oréal believes that the opinion is a balanced one and “is overall consistent with the stance that L’Oréal has held for several years,” and that it also supports “effective combating of internet-based counterfeit product sales.”

The Advocate general’s opinion is not binding for the ECJ but, in most of the cases the Court follows his recommendations. Usually, the ECJ rules between three and six months after the advocate general’s opinion.

Also, in the US, the Supreme Court refused to hear an appeal in a similar case, thus supporting the ruling made by the Appeal Court on 1 April 2010 in the case brought by jeweller Tiffany against eBay in 2004 and consequently making the ruling definitive. The Court of Appeal’s decision was that eBay did not infringe trademarks when allowing counterfeit sales in its auction sales. The court considered that eBay had fulfilled its duty by removing certain items when so asked by Tiffany, and that its obligations went no further than that. However, the Court of Appeal asked the lower court in the case to rule on whether eBay adverts for Tiffany goods were infringing false advertising regulations.

Opinion of Advocate Genral Jaaskinen in L’Oreal vs eBay case C 324/09 (9.12.2010)
http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=reche…

ECJ could increase online sellers’ liability for trade mark infringements (9.12.2010)
http://www.out-law.com//default.aspx?page=11655

US ruling relieving eBay of trade mark liability over fakes will stand (1.12.2010)
http://www.out-law.com//default.aspx?page=11631

Article published in EDRi-gram 8.24.
Free subscription !

The Council of Justice Ministers adopted a text on web blocking at its recent meeting in Brussels on 2-3 December 2010. The Belgian Presidency, for domestic reasons, felt obliged to adopt a text during its term of office. As a result, the outcome is a hastily cobbled together text that makes little legal sense and whose main value is to finally betray the real meaning behind the proposal.

The adopted text can be divided into two main parts:

1. “Member States shall take the necessary measures, including through non-legislative measures, to ensure that the blocking of access to webpages containing or disseminating child pornography is possible towards the Internet users in their territory.”

Under the UN Child Rights Convention, Member States are already under a binding legal obligation to take all appropriate measures to prevent the “exploitative use of children in pornographic performances and materials”. If Member States do not feel that blocking is “necessary” to achieve this, the Council’s wording would not create an obligation for them to suddenly make a different analysis that would make blocking obligatory.

However, the text is very clear about the obligation to create an infrastructure which is capable of implementing the blocking of web pages (Member States shall (…) ensure that the blocking of access to webpages (…) is possible (…) in their territory.)

The reference to “non-legislative” measures is particularly interesting because blocking via “self-regulatory” mechanisms by Internet providers is unquestionably illegal. It is illegal under:

a. The European Convention on Human Rights – Article 10 “The exercise of these freedoms (…) may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law”
b. The European Commission’s own impact assessment – “Such measures must indeed be subject to law, or they are illegal.”
c. The International Covenant on Civil and Political Rights. Article 19.3 “The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary:”
d. The 2003 Interinstitutional Agreement on Better Lawmaking – Article 17: “The Commission will ensure that any use of co-regulation or self-regulation is always consistent with Community law (…) These mechanisms will not be applicable where fundamental rights or important political options are at stake or in situations where the rules must be applied in a uniform fashion in all Member States.”

Read the entire article on EDRi’s website

Article published in EDRi-gram 8.24.
Free subscription !

Private-sector attempts to undermine and attack the ability of WikiLeaks to function on the Internet have attracted much attention. Their domain name  wikileaks.org) was was taken out of service by EveryDNS, their ability to collect funds was restricted by Paypal, Visa and Mastercard while Amazon deleted their website. When did we abandon the rule of law and replace it with summary justice meted out by private companies? How does it happen that private companies can punish a website that has never been convicted of a crime? Why would they do this?

The truth is that there have been years of “behind-the-scenes” efforts by (mostly western) governments to persuade, reward or coerce Internet companies into developing censorship structures. Under the harmless-sounding flag of “self-regulation,” and demands that Internet providers take more responsibility for illegal online activity, a comprehensive infrastructure is being put in place. The purpose of this infrastructure is to hand over quasi-judicial responsibilities to private companies, which, less bound by the obligations imposed on courts, impose summary justice on those accused of illegal activity online. This action can be to have payments being blocked by payment providers, websites deleted and Internet traffic filtered by Internet providers, slowly and imperceptibly eroding the rule of law. While western governments must respect their constitutions, life becomes much simpler when private companies can take extra-judicial action against uncomfortable online information.

Read the entire article on EDRi’s website

Article published in EDRi-gram 8.24.
Free subscription !

On 15 December 2009, the European Commission held its third meeting on “public private cooperation to counter the dissemination of illegal content in the European Union. The first meeting took place in November 2009 and the second in May 2010.

After the previous meeting, the European Commission received written comments jointly from EDRi and EuroISPA as well as a variety of industry players. Six months later, the Commission finally reacted to that feedback, sending participants revised recommendations on the evening before the meeting.

The Commission tried to open discussions on its recommendations for extra-judicial takedown of material that has been accused of being illegal, on grounds of containing child abuse, racism/xenophobia or terrorist content. However, both industry and EDRi demanded repeatedly that the Commission finally should define the problems that it believes it is addressing by this initiative. Unfortunately, the Commission steadfastly refused to do this. The Commission also choose not to answer a direct question as to how this initiative complies with either Article 10 of the European Convention on Human Rights (which requires a legal basis for interferences with communication) and the 2003 Interinstitutional Agreement, which obliges the Commission not to promote co- or self-regulatory measures in relation to matters of significance to fundamental rights.

Read the entire article on EDRi’s website

Article published in EDRi-gram 8.23

IViR: Moving Towards Balance – A study into duties of care on the Internet (2010)
http://www.ivir.nl/publications/vaneijk/Moving_Towards_Balance.pdf

OSCE FOM Preliminary report: Study of legal provisions and practices related to freedom of expression, the free flow of information and media pluralism on the Internet in the OSCE participating States. (26.11.2010)
http://www.osce.org/documents/rfm/2010/11/47857_en.pdf

EU Counter-Terrorism policy: EDPS calls for a systematic and consistent approach to avoid unnecessary restrictions to privacy (24.11.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/…
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/…

Antitrust: Commission probes allegations of antitrust violations by Google (30.11.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1624&amp…

The Kids Are Alright* – A survey of the privacy habits and preferences of teens and their parents on social networks
http://safekids.com/documents/truste_survey.pdf

Published in EDRi-gram 8.23

The European Commission (EC) recently published its “Internal Security Strategy” – a wide-ranging security programme covering international crime networks, radicalisation, cybersecurity, border management and crisis/disaster management.

One almost amusing element is how it included “piracy” (meaning unauthorised downloads) as a security issue. The logic is very reminiscent of the 1980s British comedy “Yes Prime Minister” where a senior civil servant explains to a colleague how to argue to stop power being put in the hands of citizens. “All cats have four legs, so does my dog. So my dog is a cat”. Counterfeiting is sometimes carried out by criminal gangs, who are a security threat. Counterfeiting is an intellectual property infringement. “Piracy” is an intellectual property infringement, so “piracy” is a security threat.

Meanwhile, some elements that are missing are also interesting. For example, the Strategy argues that “security should be integrated in relevant strategic partnerships” but, having accused major trading partners like the USA of failing to take action against online child abuse and international trade in abuse images, the strategy prioritises “trafficking in human beings, drugs trafficking and terrorism” for this action. Indeed, while the strategy covers, in the Commission’s own words “seemingly petty crimes”, the child abuse that was such a priority when tackling the symptoms via blocking, fails to get a single mention in the document.

Read the entire article in EDRi-gram.

Published in EDRi-gram 8.23

After a long and continuous pressure from several civil society groups and European international organisations such as the European Parliament, the Presidency of the European Union, the Parliamentary Assembly of the Council of Europe (PACE), the Organization for Security and Cooperation in Europe (OSCE), Human Rights Watch and Reporters Without Borders, the US President Barack Obama and Secretary of State Hilary Clinton, the two Azeri bloggers arrested in 2009 on false pretences of hooliganism, have been finally released from prison.

A Baku court released Emin Milli on 18 November 2010, one day after his friend Adnan Hajizade’s release. The court however did not release them on account of their innocence; it just suspended the rest of their sentence (14 months out of the entire 30 and 24 months sentence respectively).

Read the entire article in EDRi-gram.

Published in EDRi-gram 8.23

The legislative process on Internet blocking is about to move from almost standstill to almost completed between now and the beginning of February. In the Council of Ministers, an informal agreement is planned for the Justice Council in December, while the MEP in charge in the Parliament will present her draft report on 10 January 2011 with an informal orientation vote just three weeks later.

Every civil society organisation that wants to stop web blocking and the damage that this will do for child protection must focus all available resources on the Civil Liberties Committee of the European Parliament between now and early February. Afterwards, it will be too late. The risk of damage to child protection is abundantly clear from the Working Document prepared by the MEP in charge of the dossier, Roberta Angelilli (Italy). She says: “We have to bear in mind that our priority is to eliminate these images for public access as quick as possible.” The priority is not to identify the children, not to investigate the criminals, but to avoid public access via blocking, which does not even serve the purpose of stopping deliberate access.

Bizarrely, Ms Angelilli also suggests that “the providers would be promptly informed about their rights to appeal against the decision”. This assumes that there would be no immediate investigation – having been accused of having a website containing images of gross violations of children, the suggestion is a polite notice to the alleged criminal that he may wish to complain.

In the Parliament, MEPs remain divided but the argument that blocking is a “complementary” measure, to be implemented with other measures (such as deletion and prosecution), rather than instead of them, is successful with many parliamentarians. The argument is working, despite the fact that there is no evidence of this being the case in countries that already have blocking.

In the Council, Germany and Romania are fighting hard for blocking to remain optional for Member States. However France and Italy (coincidentally, countries that also have blocking for gambling and intellectual property) are campaigning for obligatory blocking with what one negotiator described as “missionary fervour”. Most countries are remaining silent on the issue, meaning that they are passively having blocking imposed on them by the larger countries. The only large country to remain silent is Poland, and this silence will be crucial for the success of mandatory blocking, if it is maintained.

In the Council, the current negotiating text reads as follows: “2. Where the removal of webpages containing or disseminating child pornography is not possible within a reasonable time, Member States shall take the necessary measures, including through non-legislative measures, to ensure that the blocking of access to webpages containing or disseminating child pornography is possible towards the Internet users in their territory. The blocking of access shall be subject to adequate safeguards, in particular to ensure that the blocking, taking into account technical characteristics, is limited to what is necessary, that users are informed of the reasons for the blocking and that content providers, as far as possible, are informed of the possibility of challenging it.”

This text raises three interesting points. Firstly, blocking through non-legislative measures has already been described as illegal by the European Commission in the impact assessment it prepared to accompany the proposals. In that text, the Commission assessed extra-judicial blocking as follows: “More problematic may be the compliance with the requirement that the interference in this fundamental right must be “prescribed by law”, which implies that a valid legal basis in domestic law must exist” (page 30) before coming to the conclusion that “such measures must indeed be subject to law, or they are illegal” (page 37). The illegality of this approach is quite clear from the European Convention on Human Rights, which states that “the exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary.”

The second interesting point refers to the last lines of the draft text. It suggests that a legal obligation is necessary for Member States to take the step of contacting the alleged criminals, accused of publishing pictures of children being abused on the Internet, and politely informing them that their page has been blocked and giving them the opportunity to complain, if they so wish.

The final point is that Member States should do what they consider necessary, which means that, strictly speaking, this text places no obligations on anyone. Its only real purpose is to give Member States an excuse to introduce blocking, even via “self-regulatory” measures that are in breach of the European Convention on Human Rights and the Commission’s own assessment of the legality of the measure.

The civil society in Poland is pushing hard to demand that the government have the courage to take a position. EDRi-member the Panoptykon Foundation, along with representatives of the Kidprotect Foundation, the Modern Poland Foundation, the Foundation for Free and Open Source Software and the Interactive Advertising Bureau Poland appealed to the Prime Minister to ensure that Polish representation to the European Council takes a critical stance on the Child Exploitation Directive.

In their appeal, the groups demanded proper action against the abuse, rather than the childish act of placing its hands before its eyes in the hope that the monsters would disappear. Illegal content must be removed and not hidden by the creation of a censorship infrastructure.

Working document – Roberta Angelilli, Rapporteur – Proposal for a Directive of the European Parliament and of the Council on combating the sexual abuse, sexual exploitation of children and child pornography
http://www.edri.org/files/angelilli_wd.pdf

Proposal for a Directive of the European Parliament and of the Council on combating the sexual abuse, sexual exploitation of children and child pornography, repealing Framework Decision 2004/68/JHA
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/com/com_com…

“Impact assessment”: Accompanying document to the Proposal for a Council Framework Decision on combating the sexual abuse, sexual exploitation of children and child pornography, repealing Framework Decision 2004/68/JHA
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC035…

Commission official explains the Commission’s research (7.09.2010)
http://www.youtube.com/watch?v=EpFpoXIdRQc

Cybercriminals thank Commissioner Malmström
http://www.cybercriminalsociety.eu/index.php

We are writing to the Prime Minister: Do not to block the Internet! (only in Polish, 30.11.2010)
http://www.panoptykon.org/content/piszemy-do-premiera-nie-dla-blokowan…

Civil Society Appeal (only in Polish, 29.11.2010)
http://panoptykon.org/sites/default/files/Panoptykon_List%20do%20premi…

Council draft negotiating text (26.11.2010)
http://www.statewatch.org/news/2010/nov/eu-council-sexual-exploitation…

(contribution by Joe McNamee – EDRi)