U.S.-EU talks on transfer of airline passenger records (PNR) stalled over the weekend, as the previous agreement expired. Under the PNR, airlines had to give the U.S. 34 pieces of data on travelers bound for the U.S., including phone numbers and e-mail addresses. The EC seemed optimistic Fri. that a new pact would be reached quickly, but said Sun. it was no-go. A draft proposal sent Fri. by U.S. Homeland Security Secy. Michael Chertoff to EC Vp Franco Frattini has been “initialed by the U.S. government only,” not the EU, as was reported, Frattini’s spokesman said Mon. The proposal is up for discussion at an Oct. 5-6 meeting of EU justice and home affairs ministers, he said. The European Parliament, whose challenge led the European Court of Justice to void the PNR pact resulted for having the wrong basis in legal theory, voted in Sept. to approve a report urging a 2-step approach to talks: (1) An interim pact, extending the previous terms, to stay in effect until Nov. 2007. (2) Renegotiation of the agreement. Later in Sept., Frattini told MEPs the U.S. was ready to okay that tack. But now it’s unclear what terms the U.S. draft contains, and the EC isn’t talking. The Commission urged the U.S. to keep applying the lapsed agreement’s data protection safeguards until a new agreement is reached to avoid the “risk of legal uncertainty and disruption to EU-U.S. flights.” The International Air Transport Assn. hopes justice ministers quickly approve the proposal this week, it said: “The 105,000 passengers who fly between Europe and the U.S. each day can be reassured that both Secretary Chertoff and Vice President Frattini have said that there should be no disruption of air service and it will be business as usual.”
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
Requiring ISPs and network operators to report security breaches is a good idea but needs work, European data protection commissioners told the EC last week. The EC, now reviewing its e-communications regulatory framework, sought comments from the Article 29 Data Protection Working Party. Findings included: (1) Sectors with no reporting mandates could be seen as getting special treatment in relation to those that do. No recent U.S. security breaches involved ISPs, so the obligation to notify also should cover data brokers, banks and other online service providers and should distinguish among levels of breaches. (2) The EC working paper proposes distinguishing among providers of access infrastructure and providers of service, but the line is blurring. The working party urged the EC to investigate whether rules for processing personal data and protecting privacy in e-communications should be accentuated to prevent confusion over whom the rules are aimed at. (3) A proposal to extend and strengthen security provisions by merging privacy and universal access requirements risks sending the message that security “merely concerns networks, competition and network providers [but] it also regards protecting the fundamental right to privacy.” People must be able to use public e-services anonymously, the working party said. Any proposal to change authentication should be preceded by a thorough analysis of e-services accessibility. (4) It’s unclear how a recommendation to set new obligations on service providers to address security incidents, respect guidance by regulators and give consumers notice of actions to be taken in case of a security breach would add anything to existing law. Such requirements could, instead, boost burdens on service providers and regulators. The working party stressed that while it backs better security, “it does not support any measure that leads or might lead to more surveillance of content blocking.” The working party “is throwing the baby out with the bath water,” said telecom lawyer Axel Spies: Notifying the public about a breach can damage a company’s reputation, and it may not even be clear why the breach happened and who was affected. Notification raises “complicated liability questions and, in any event, doesn’t cure the breach,” he said. Spies questioned how an ISP whose site is visited by thousands daily reasonably can be expected to give notice. Many nations, moreover, already require notice of breaches to regulators, he said.
“Africa needs you to think differently” by leap-frogging to 3G CDMA mobile technologies, African CDMA Forum chmn. William Hearmon told govts. and regulators at a recent conference in London. CDMA is the best way to bring the power of knowledge to a continent taking to mobile telephony in a big way, he said. The GSM Assn. (GSMA) and analysts disagreed, saying the number of its connections exceeds CDMA’s by so much CDMA can never win the “volume game.”
As online social networking soars in popularity, U.K. mobile operator O2 is moving against improper online contact and content, its head of content control said Mon. Writing in a debate on “spiked online” -- U TXTng 2 me? -- Jonny Shipp, 02’s head of content standards & policy, said children face no new or unique risks from linking and sharing services, but those risks may be heightened by the ease of creating and distributing extreme or inappropriate content away from parental supervision. O2 insists, “when it can,” on content classification and age-based access control, offering parents the option of restricting Internet access on children’s mobile phones. Human moderators also check all uploads to O2’s “Look at Me” service before they go online, Shipp said -- but “none of these controls can take the place of informed parental supervision.” O2 is trying to close the online knowledge gap between parents and children, he said. Everyone bears responsibility for child protection, wrote John Carr, chairs of the U.K. Children’s Charities’ Coalition on Internet Safety. Social networking and other interactive digital technologies enable “old forms of problematic behavior, including criminal behavior, to be repackaged and presented in new guises,” he said. Even if some parents’ and policymakers’ fears of online dangers aren’t justified, children do come to terrible harm made possible by new technologies, Carr said, adding that it’s no surprise social networking sites and other new digital technologies spark “an initial buzz of concern.” In the U.K., however, the Internet Task Force on Child Protection, whose members include govt., police, child safety experts and technology players, is a well established mechanism for resolving such problems, he said. Young people’s views figure in setting protective boundaries, said National Consumer Council (NCC) Chief. Exec. Ed Mayo. The NCC has been examining children’s lives as consumers and made 3 key findings: (1) Children always have been active in economic and commercial life as workers and consumers. (2) A new “shopping generation” has arisen among today’s children. (3) But youngsters feel they are treated as 2nd-class customers. “Mobile phone companies are zero- rated for service by young consumers, making them more unpopular than doorstep salesmen,” May wrote. Children don’t want all ads aimed at them banned, but favor tighter controls, NCC found. Mayo urged children’s voices be heard in debates leading to decisions on new technologies. From an early age, children understand and use mobile phones, the Internet, computers and video games, wrote freelance writer Jennie Bristow. Their savvy can frighten parents, but “just as the stranger at the swimming pool is highly unlikely to abduct our children, mobile phones are not about to lure than into the great unknown from which we will never be able to pull them back.” There are risks, she said, but when it comes to the mobile device’s role, “it’s only talk.” The “spiked” child protection debate is part of an effort by O2 to engage the public on mobile phone issues, said Chmn. Peter Erskine.
A new WiMAX spectrum owners’ coalition expects to sign a global roaming agreement in Dec. connecting “the next billion broadband users,” it said last week. The pact, a first, will cover all WiMAX services and operate in all WiMAX frequency ranges, said the WiMAX Spectrum Owners Alliance (WiSOA). Unlike mobile operators’ international roaming agreement, however, it isn’t likely to enrage the EC, WiSOA Secy.-Gen. Patrick O'Brien told us.
German lawmakers opened debate Thurs. on amendments to the Telecom Act. The measure is up for first reading in the lower house, with no date set for a final vote. The upper chamber also must approve it. The bill, introduced by the federal govt., would boost customer protection rules for e- communications service providers, including bill warnings, regulatory review of standard offerings, porting consumers to other providers and limitation of liability for service providers. Its Sec. 9a would grant “regulatory holidays” for services in new markets. Deutsche Telekom (DT) has lobbied hard for such an exemption, which would benefit its new fiber network. Rivals want Sec. 9a stricken “or at least amended so that it only kicks in if there is no concern that the exemption will not harm competition even from a short-term perspective,” attorney Axel Spies said on behalf of the German Competitive Telecom Assn. (VATM). VATM also wants the amendments to set clear, binding timetables for actions by regulator BnetzA, he said. VATM also seeks “clear-cut and fair reimbursement rules for eavesdropping requests and mandatory data retention,” said Spies, a lawyer at Washington firm Bingham McCutchen. In a study, Bonn U. Prof. Christian Koenig concluded VDSL, the very fast broadband network DT is installing, isn’t a “new market” deserving exempt from preemptive regulation -- at least temporarily, by way of regulatory holidays, Spies told us. Koenig, whom DT hired to help improve its chances for passage of Sec. 9a, believes new markets must be defined by the products they offer, not how information is transported and delivered to end customers in those markets, Spies said.
Digital Rights Ireland (DRI) Thurs. challenged national and EU data retention laws requiring storage of Internet and phone traffic data. A 2005 Irish law requires telcos and ISPs to store data up to 3 years, allowing access without court order or other safeguards -- violating fundamental human rights, DRI said. The Irish measure defies the Irish Constitution and national and EU data protection laws, it said. DRI attacked the EU data retention directive on the ground that it breaches human rights granted by the European Convention of Human Rights and the EU Charter of Fundamental Rights, and said it will ask the Irish courts to refer the directive to the European Court of Justice (ECJ) for an assessment of its validity. If successful, the challenges will sap data retention laws in all EU states and overturn the directive, DRI said. Its High Court case is backed by privacy and civil liberties groups, including the U.K. Open Rights Group, Electronic Frontier Foundation and Privacy International. Ireland’s govt. itself challenged the EU data retention directive, but not on privacy grounds. The suit puts DRI in the unusual position of fighting a domestic law while siding with the govt. on an EU law, its spokesman told us.
German regulator BNetzA Wed. ordered Deutsche Telekom (DT) to offer rivals unbundled bitstream access, but set no rates for the services. The move seems to cover standalone bitstream access, meaning competitors could offer DSL apart from phone services, as the EC mandated in a recent letter to the regulator, said attorney Axel Spies. He represents the German Competitive Carriers Assn. (VATM), which hopes the incumbent will “present a standard offer without delay” for the service and not continue to “drag its feet,” Spies said. Access fees must be consistent with existing tariffs and “allow all interested parties to implement their business models,” Spies said. BNetzA Pres. Matthias Kurth said the decision will give customers a better choice in high-quality and cost-saving broadband offers and boost broadband penetration in Germany. BNetZA is expected to rule on rates in the next 10 weeks, VATM said.
GENEVA -- Tech companies and civil liberties groups lobbied for a broadcast signal piracy-only treaty at a Tues. meeting of the World Intellectual Property Organization (WIPO) Standing Committee on Copyright & Related Rights (SCCR) here. The signal-theft approach, wide supported not only by those groups but in the U.S. and developing nations, is opposed by broadcasters and the EU, which want a rights- based accord aligning broadcast protections with earlier WIPO author and phonogram treaties (CD Sept 11 p10), Michelle Childs, Consumer Project on Technology’s (CPT) head of European affairs, said.
Germany must reimburse telcos and ISPs for mandatory eavesdropping on customers, the German Competitive Carriers Assn. (VATM) was told Mon. by the Max Planck Institute for International Criminal Law. Under the Telecom Act of 2004 Germany is supposed to write a law detailing procedures and rules for reimbursement, but has not, attorney Axel Spies said. Parliament’s Upper Chamber, representing the states, has signaled it might void the provision, sparking industry concern. The issue now is being discussed in the federal cabinet, Spies said. The only law on reimbursement, which carriers say doesn’t cover them, covers witness and expert payments. The Planck Institute said carriers must be able to recoup costs, urging creation of a specific ordinance or amendment to the law. “Whoever calls the piper must pay for it, namely law enforcement agencies and their governments,” Spies said on behalf of the VATM. The group hopes the opinion spurs legislation preserving reimbursement, he said.