Monthly Archives: November 2005

Euro Data Retention: Crunch Time

1 Reply

We have posted previously about the moves to introduce data retention, for the purposes of allowing a deliberate surveillance of citizens, on an EU-wide basis. The Commission’s proposal for a directive on this matter would compound our own national statutory Data Retention regime, created by Part 7 of the Criminal Justice (Terrorist Offences) Act 2005. Now we bring you an update, with some time critical information.

1. In response to pressure from the European Council, this matter has been fast tracked, and will require only one vote, rather than the usual two readings by the European Parliament.

2. That vote will be taken on the 12th December. This will be MEPs’ only opportunity to express or reflect their constituents’ opinion of this issue.

3. Prior to that vote, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) will consider the Commission’s Draft Directive. In addition the Committees of Industry, Research and Energy and Internal Market and Consumer Protection will make opinion findings.

4. LIBE will vote on their findings tomorrow (24th November) at 10am. They have been meeting this week to discuss the issues.

5. This will have a very strong bearing on the matters put to the European Parliament for the vote on the 12th December.

6. There is only one Irish MEP on the LIBE – Mary Lou McDonald is an alternate member. It is well worth contacting her office to express your opinion on this matter.

7. Between tomorrow’s vote and a week before the Plenary vote (on 12th December) the MEPs are entitled to re-table amendments that didn’t get through the committee, or counter amendments to the ones that do.

8. The text of the decision to be voted on can be found, if you are willing to dig. If you aren’t, it can be found in this PDF.

9. As can be seen, the Commission’s Draft Directive has been modified in a number of significant ways.

* The removal of crime ‘prevention’ as a basis for infringing the privacy rights of citizens. (Amendment 1)
* The replacement of the Commission’s proposal of 1 year retention, except for Internet traffic which would be six months. The amended text has a blanket 3 months retention period regardless of the source of the data. (Amendment 9)
* The deletion of a number of unsustainable assertions. (Amendments 4,5 &6)
* Replaces ‘respect’ for the Fundamental rights of privacy in the European Charter with ‘compliance’. (Amendment 13)
* Provides a specific list of the serious crimes which would justify infringing the privacy rights of citizens. (Amendment 16)
* Removes the requirement to retain location data. (Amendments 17 & 24)
* Forces measures enacted to create data retention regimes to be compliant with EU Privacy Directives. (Amendment 20 & 38)
* Provides the basis on which the data shall be handled by the companies holding it, and the police. (Amendment 21)
* Specifically bars the keeping of data that reveals the content of a communication. (Amendment 26)
* Deletes the previously planned ‘blank cheque’ committee system which would have allowed member states to bypass Parliament after the original vote. Replaces it with a committee with representation from the Parliament and the European Data Protection Commissioners. Caps the potential extension of the retention period to 6 months. (Amendments 11, 28, 29& 49 )
* Establishes Parliamentary oversight of the use of the data retention laws. (Amendment 31 & 36)
* Creates a duty on the governments to ensure the security of the retained data. (Amendment 32)
* Full reimbursement of companies’ costs of compliance is reinforced. (Amendment 37)
* There is to be a review of the effectiveness of the law, against its stated aims, in 3 years. It will lapse unless specifically endorsed again in five years. (Amendments 39, 40, 41 & 42 )

10. From our point of view these are generally positive moves. But the argument in principle against mandatory data retention remains the same – it is an infringement of the privacy of the mass of innocent individuals, without an evidential argument demonstrating any benefit.

11. A petition will be handed in tomorrow to the LIBE committee, signed by over 58,000 people across Europe against data retention.

12. Your MEP will have the right to vote on this issue on the 12th December. This Directive will determine the relationship between EU governments and their citizens for years to come. Take a look at this page, find your MEP and contact them. Tell them your opinion, and then ask them for theirs. And get a commitment from them to attend the vote.

13. Let DRI know who you’ve spoken to, and what they said. It will help us to remind them closer to the vote on the 12th. We’re at contact@digitalrights.ie

IRMA’s Legal Action

19 Replies

IRMA announced, with a media blitz on 15th November, that they intend to send letters to 50 new individuals and companies demanding damages for losses they claim have been caused by these people making files available for download.

We don’t yet know the full details of this, but there are a few issues still outstanding from the last set of such letters, issued by IRMA last April.

A representative of DRI appeared on the Last Word on Today FM, to raise some issues not usually addressed by IRMA. Time was short, so we thought we’d expand a bit on our concerns, for the interested reader.

No Safe Harbour
Firstly, there is the manner in which the individuals’ shared folders on their hard drives were entered and scanned. This was done on IRMA’s behalf by a company called MediaSentry. MediaSentry is a US based company, which does not operate within the ‘safe-harbour’ scheme for Data Protection. This means it has not agreed to handle EU citizens’ data in accordance with the European Data Protection regulations.

Two European countries have now come out against this kind of search of users’ property.

In the Netherlands, in the case of FOR THE PROTECTION OF RIGHTS OF THE ENTERTAINMENT INDUSTRY IN THE NETHERLANDS (BREIN) et al v UPC NEDERLAND B.V., and ors the court found that the use of MediaSentry to scan users’ shared folders and process the results was not in accordance with the provisions of European Data Protection Acts. MediaSentry does not confine its scanning to copyrighted music files, but also scans personal files of the computer owner. They therefore found that the application to the court to force ISPs to identify their users could not be granted, as BREIN and the record labels it represents could not rely on evidence gathered unlawfully.

In France, the Commission Nationale de I’Informatique et Libertes (CNIL) spent October 24th announcing that it would not permit the automated monitoring of users of P2P file sharing systems.
The CNIL concluded such monitoring could lead to

“a massive collection of personal data” and allow “exhaustive and continuous surveillance” of P2P sites “beyond that which was necessary for the fight against piracy”

cf Steptoe & Johnson’s E-Commerce Law Week.

IRMA may have a stateable case to answer, therefore, that the way in which they obtained the identities of the individuals to whom they have written could preclude them from relying on that information in court.

When questioned about this yesterday by Matt Cooper on the Last Word, Dick Doyle of IRMA relied on the fact that they had persuaded a High Court judge to grant them an order, as proof of the legitimacy of their plans.

However, it is possible that this fact is not the strength it may seem. If IRMA were aware of these arguments (through their contacts with other record label representative groups or otherwise), and did not inform the court of them, they may have, in legal terminology, not come to the court with ‘clean hands’.

In particular, as the individuals were not represented in court (being unaware of the matter until they received their letters from IRMA) this privacy issue was not addressed before the court, by any legal argument from the parties. In such cases, there is a particularly heavy onus on the plaintiffs to give full and frank disclosure to the court of all the facts at their disposal.

Proportionality of Damages
The other issue not put to IRMA during their whirlwind tour of the media, was the question of the proportionality of the damages claimed to their losses. They have quoted an average settlement figure of €2,500 from their April wave of demanding letters.

In the courts in Ireland, you can only get compensation for losses you can prove you have sustained. To succeed in the court, IRMA would have to prove that their members – the record labels in Ireland – had lost, from the specific individual before the court, a specific sum. We’ll take the €2,500 figure as an example.

As it is only the record labels who are suing their clients here, we can’t simply take the retail price and divide it in, to find the number of claimed lost CD sales that this represents. They can’t claim for the portion of the money that goes to retailers. Or to the distributors, or manufacturers. They can only claim for the profit on each CD that they can prove was not sold as a direct result of a specific individual making files available for sharing.

To date all IRMA have produced by way of justification for their claims of losses, has been to claim a causal link between the rise in file sharing and the fall in profits. However the record industry is a complicated beast – CDs are now available online from abroad more cheaply than those in the shops. CDWOW, only one such retailer, now has 120,000 registered Irish users and is describing its sales as thriving. The record labels’ international representative body, IFPI, said in July that Top 10 album sales were up 14% last year, after a difficult five-year slump. This in the face of what the industry has admitted to be a continuing rise in file sharing. In addition, there are studies that suggest that the people who download the most music from P2P networks are the most likely to spend a higher proportion of their money buying music.

This is not to say that downloading in breach of copyright is legitimate behaviour. But it does call into question whether IRMA’s claimed losses can be laid at the door of file sharing. And therefore, whether they could legitimately attempt to recoup those losses by way of damages from the individuals they sue. The law is not intended to be used to make up for the failures of a business model in a changing environment.

Have IRMA or the record companies they represent actuarial assessments of loss – something which would be required by a conscientious court, before damages at a certain amount could be awarded? If they have, will they publish those tables so that the criteria they use to assess their losses are made public? This is a public campaign of information and education, as they describe it, after all.

Arbitrary Action
Protection of legal rights should not be done in a capricious manner. And yet IRMA, as they admitted on the Last Word, do not believe that it is lawful for the owner of an iPod or other MP3 player to copy music from their own CDs, bought and paid for, onto their own music machine, bought and paid for.

They say that this is a breach of copyright, and therefore – by their emotive language, used in campaigns this year and for many years before – theft.

However they also say they don’t intend to do anything to enforce their rights to prevent this just now. Why should action against uploaders be a vital priority – no matter who they are – when the larger threat, from their point of view, must be the fact that every MP3 player and iPod is an occasion for wholesale theft of IRMA’s claimed property? Or, conversely, why should owners of MP3 players have the threat of potential legal action hanging over them if they haven’t done anything wrong?

We didn’t get an answer to that one on air.

DRI are in favour of civil, legal and human rights being protected in a digital world. That must extend to the legal rights of copyright holders, as much as individuals. However, perceived breach of a legal right would not excuse responding breaches of the civil right to privacy.

Further, if IRMA’s belief that it is illegal to move your legitimately purchased CDs to your own music player is correct, we believe that the law must be changed

Dealing with SMS Spam

36 Replies

Ireland has one of the highest mobile phone ownership rates in the world. Mobiles are with us more than any other piece of technology, and we have a more personal relationship with them than with any other piece of electronics. Studies have shown that this is one of the reasons people get particularly annoyed when they receive unsolicited commercial SMS messages. This SMS spam invades what we have learned to think of as a personal space. So what can we do to stop it?

You have a few options if you receive SMS spam. The easiest thing to do is to delete the message. However, this does not stop you from receiving more messages from the same source in the future. Nor does it stop the SMS spammer from bothering other phone users.

Tell Your Network

For a more effective remedy, you can forward it to your network. Except for 3 (who don’t currently offer the service), all the networks have a free-text number you can forward a spam SMS to. Files on the spammers are then collected and forwarded to RegTel and the Office of the Data Protection Commissioner.

Those numbers are:

O2: 50455
Vodafone: 50005
Meteor: 50002
Continue reading

Data Retention in Europe: The story so far

11 Replies

Political action in the European Union frequently appears to happen behind closed doors. But the breadth of the EU’s powers, and the fact that EU legislation will always take precedence over our own domestic law, even our Constitution, makes it important to keep an eye on.

Despite repeated public statements bemoaning the public’s disconnect from EU decision making, politicians across the continent have found it a useful vehicle for introducing unpopular measures. When the law they’ve been fighting for in Brussels is passed, to the dismay of their constituency, they can go home and blame faceless Eurocrats for forcing their hand.

Sadler's Battle of Waterloo

Our government is deeply involved with an attempt to impose a system of ‘data retention’ across Europe – tracking all telephone calls, internet usage, and even people’s everyday physical location (if they use a mobile) and leaving that huge mass of data for telecoms companies to look after, unless and until, any member state would like to rummage through it.

Reporting of events in the EU is sparse in Irish and British newspapers. So, to try to keep our readers up to date, we’ve compiled the story of the push to bring in data retention across the EU, up to now. It should serve as a useful mixture of background information, jargon explanation and opinion collation. Continue reading