EU to Investigate Passport Privacy Concerns 102
mvdwege writes: "Well, it appears that the old fight between the US and the EU over privacy regulations is about to enter a second round. In response to a letter by a Member of the European Parliament, the Commission has stated that it will start investigating Microsofts possible breach of the EU privacy regulations. The Register has a nice summary."
Obligatory collection of information on users by M (Score:4, Informative)
1. Is the Commission aware of Microsoft's free
2. Is the Commission also aware that failure to register with
3. Does the Commission regard it as acceptable that users of public terminals in universities, libraries or Internet cafes who fail to log off correctly may pass on their confidential information to the next user, that to hire software via the Internet (using Microsoft servers instead of a personal hard disk) access is possible only via
4. Is it lawful for a dominant firm to build up a very extensive database of personal information? Is
5. Can national or European criminal investigators make use of the information collected without prior consent of the individuals concerned or the courts?
6. According to the Commission, is there any call for further regulation in order to make abuses by interested parties or subversion of current privacy rules impossible?
E-0718/02EN
Answer given by Mr Bolkestein
on behalf of the Commission
(7 May 2002)
1-3. The Commission is indeed aware of Microsoft's
4. A company operating in the Union is subject to Community law and may build up a database of personal information, provided the obligations laid down in Directive 95/46/EC of the Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data are respected. These include having a specific, legitimate purpose, informing the individual of identity of the controller of the data, of the purpose of collection and the rights individual has, such as the right to access his/hers own personal data. In cases where consent for processing is required, the Directive requires that it be unambiguous and freely given. The Directive also lays down the obligation to notify such processing operations to national data protection authorities. But the directive also provides for some exemptions from the notification obligation. The Commission is not at present in a position to say whether this processing operation has been notified within the Community.
The question of whether and to what extent the Directive applies to a data base (or in the terms of the Directive a data controller) located outside the Union, especially where data is collected directly from data subjects via the Internet, is a complex one which the Commission and national data protection authorities are at present examining carefully. Article 4.1(c) of the Directive provides for its application where a controller makes use of equipment, automated or otherwise, situated on the territory of a Member State, which means that the Directive does at least in some cases apply to controllers outside the Community. Furthermore specific national rules concerning a third country in which the controller is established may also apply and be enforceable within that jurisdiction. In this respect, Microsoft has notified the US Department of Commerce that it adheres to a privacy policy that meets the Safe Harbor framework.
5. On the basis of legislative measures, criminal investigators can make use of information collected without the prior consent of the individuals concerned or the courts, provided that the rights of defence of the individuals concerned are respected and that the restriction to the right to privacy is strictly necessary for the purpose of the criminal investigation. The information collected during the investigation may moreover only be used to the extent necessary for those purposes.
6. In accordance with Article 33 of the Directive, the Commission is examining the application of Directive 95/46/EC and expects to make a report before the end of the year. The subversion of current rules will be looked into in that context.
Re:Serious rape (Score:1, Flamebait)
Given what Microsoft are trying to do to all of us, is the above posting really that far off-topic?
Is anyone stupid enough (Score:1, Insightful)
They won't do anything (Score:1, Insightful)
Government gets their money, plus they look like their doing something, meanwhile Microsoft gets their money, and looks like they're sorry.
Re:Microsoft Is Guilty Of Violating EU Law (Score:2, Interesting)
Re:Microsoft Is Guilty Of Violating EU Law (Score:1)
Re:They won't do anything (Score:4, Interesting)
Re:They won't do anything (Score:1)
However, the EU, like all governments, is not a gestalt entity. I know for a fact that a lot of the British representatives in the European Parliament stand for election simply because they dislike the institution as it exists at present. I can sympathise with this perspective - conceptually, there is nothing wrong with the EU but in reality it is far more sinister (secret policy decisions) than it appears in the right wing presses. But I digress...
The individual members of the European Parliament then, are autonomous entities. A good many of them are there only so that they can improve the democratic process in whatever way they can and as I say, do not necessarily toe the party line (ie. they are not professional politicians). I can't speak for Meijer and I know nothing of him beyond what I read in The Register just now, but I suspect he's one of the mavericks I speak of and is just as critical as the EU's privacy policy as he is of Microsoft's. Although I am prepared to be corrected.
Re:They won't do anything (Score:2, Interesting)
Unless you are the UK government of course, then you will be falling over yourselves to allow Microsoft to implement the planned 'Government Gateway' online access point for government services, oh yeah, and also grant Microsoft a licence to resell any resulting intellectual property. Register article here [theregister.co.uk].
nervous about America? (Score:2)
Ah, but clever W. has put it to Putin that we can hammer the treacherous Euros from both sides, and tony Tony will help! That leaves only the French nuclear arsenal, and perhaps China's - if they can make a deal - plus whoever survives tomorrow's Indo-Pak Kablooey - against the mightiest champion of freedom, or anything else for that matter, this side of the Sun.
Looks like a good time to emigrate to New Zealand, what? Now, exactly why are you concerned about your privacy? Do you really think you'll be let in anywhere nice without your Microsoft Passport once you're on the run and the fun's begun? Oh yeah, you'll be real happy about having arranged to be left off Bill 'God' Gates' list then! You don't think it's already occured to Him to buy up all the pleasant real estate, especially the land with His favorite critters, sheep?
___
Re:They won't do anything (Score:1)
That's great , his job is not to please Europeans but work for us and if this involves pissing off others then so be it.
Re:They won't do anything (Score:3, Insightful)
Any nation in the world who can safely cut ties from us, the U.S. should.
We are in the business of smashing you up and getting our multi-national companies in there and rebuilding (and getting all the profits or owning you in the end).
I'm eager to cut ties from the U.S.A. and I'm a citizen.
Sure, you're thinking; "How can you say that after September 11th? - We are at war you anti-American scum". To you I say; "Fuck off, I can challenge my leaders and their politics at anytime"
Re:They won't do anything (Score:2)
When we put 14 year old girls to work making Nike shoes for a few bucks a day we pretend it's for "their" good.
Cynical!=Idiot
Re:They won't do anything (Score:4, Interesting)
While a number of European governments are as corrupt as the US Congress none of them operates in quite the same way. The EU officials who are in charge of implementing the directive do not stand for election and in any case European politicians do not collect campaign funds directly for their personal campaigns.
Nor does Microsoft have any significant political leverage with the EU. The only country it has significant investment in is the UK and that is a high powered research lab they are not going to close. Microsoft might ask the Bush administration to exercise leverage however after the steel tarifs and the farm bill the US does not have any.
Although Microsoft is not going to intimidate or bribe the EU into submission the Passport issue is not a problem. While Microsoft could in theory abuse their ability to collect personal info they merely have to undertake not to abuse the data, they do not have to design the system so that the data cannot posibly be abused.
While such 'undertakings' tend to be considered by US firms to be loopholes to be exploited while the government turns a blind eye, the EU is not like the US in that regard. Microsoft would be making a major mistake if they broke their undertakings. The EU can and will impose very very large fines.
Re:They won't do anything (Score:1)
Since independence 225 years ago the US has fought in more than 15 wars, an avearge of a war every 15 years, four of which (Korea, Vietnam, Iraq, Afghanistan) took place after WWII. Perhaps the image of the ugly American, ignorant about everything including his own history would be somewhat less prevalent if people like yourself did not run the country.
Oh and the speach by Dufus Bush in which he demanded Cuba have free and fair elections would have gone down slightly better if he hadn't gone to the supreme court to stop them counting the votes in Florida. Regardless of whether he would have won the final count or not, that disqualifies him as a democrat.
Re:They won't do anything (Score:2)
Given that the EU was willing to risk a trade war over the privacy directive, I don't think Microsoft is going to get away with a slap on the wrist on this one
They'll have to work very hard at convincing the Commision that Passport will abide by the EU privacy directive to get out of this mess.
Trust a European on this: the EU countries take privacy very seriously. That's not to say that occasional violators don't slip through, but a giant corporation can't just ignore the directive.
MartCorrection.. (Score:1, Interesting)
If by summary, you mean bias, then you're correct. I think most people here agree that The Register hops on the Microsoft-bashing bandwagon to generate more ad revenue. Take an objective look at it rather than consuming The Register's spin.
huh? (Score:2)
If you think they are biased then maybe you should point out how they are biased (and no ad revenue doesnt really work, one could say that if you are pro microsoft you can generate more add revenue by having microsoft buy adds in your paper), but more importantly tell us how their article is false or misleading as a result of their bias.
I really hope microsoft are not paying you for such general and lazy accusations. I heard they expect more thurough work.
Re:huh? (Score:1)
Re:Correction.. (Score:2)
Which is why my first link was to the original letter by the Member of European Parliament. I trust you are intelligent enough to check the facts I gave you so conveniently a link to.
I'd say your post betrays a little bit of bias too.
MartThat's a first... (Score:1, Redundant)
A Considerable Knowledge of Dictionaries (Score:3, Funny)
This, taken from the the original parliamentary submission [eu.int] upon which the Reg article is based, is laugh-out-load funny:
2. Is the Commission also aware that failure to register with .NET Passport results in exclusion from many sites' services, that unsubscribing is not possible, that periodically only out-of-date information is removed and that the passwords to be given (minimum of six characters only) are easily accessible, to some extent, to others posing as system administrators or possessing considerable knowledge of dictionaries?
You realize, of course, that pot is legal in the Netherlands?
Re:A Considerable Knowledge of Dictionaries (Score:2)
so what ? what is wrong with that?
Nothing whatsoever!
I enjoy the taste of freedom every time I visit The Netherlands ;)
Re:A Considerable Knowledge of Dictionaries (Score:3, Informative)
The party of Erik Meijer (SP), the guy who asked that question, _is_ pro full legalisation of softdrugs, though
Re:A Considerable Knowledge of Dictionaries (Score:1)
Nope, pot isn't legal... but we got a very special word for it... it is 'gedoogd'.
Look... you can call it anything you want but the fact is that I (or, indeed, any Dutch policeman) can walk down the road, walk into one of many cafes, browse a long menu detailingdozens of varieties of grass and weed, hand over a few Euros and, in return, be handed a bag of white Widow.
Seriously, how is that not legal? I do understand what you mean (ie. that it's technically decriminilized rather than legalized) but let's be honest about the reality of the situation: Nobody is ever going to be arrested for buying or selling pot in the Netherlands.
Thankfully, it looks as if the same common sense will soon be applied in the UK too.
(Mods, I've effectively modded myself down -1, off-topic by not applying my +1 bonus)
Re:A Considerable Knowledge of Dictionaries (Score:1)
By the way, Bolkestein (answering on behalf of the commision) is also Dutch.
liberty alliance? (Score:2)
Or is this a ploy by the EU to get a better deal from MS as the new licensing sceme approaches?
oreillynet overview of web identity [oreillynet.com]
AOL? (Score:2)
Re:AOL? (Score:2)
You know what ? Why should I care ?
People that use MS Passport are basicaly all Windows/IE users. Their data is already avaliable to Microsoft. Hotmail ? Sure, Microsoft will never look into your data, or change your preferences [slashdot.org] so it can send your information to everybody and dog.
You see, even before using Passport, the "potention" Passport user already trust MS with their data.
I'm not a Windows user. Also, obviously, I don't use IEand Passport. Do I miss it ? Am I giving up access to anything for not using it ? Surely not
I don't think Passport should be regulated. I think it should be outlawed. It's a stupid thing. Why should I need something like this ? So I don't have to enter my data to every other site ? There are lots of programs that do that automaticaly. So I have an unified login/password ? Bad idea. I use a different password for every site. How do I remember them all ? If you have to do it, you will, like myself, came up with some password creation logic, where you don't have to remember all the passwords.
All in all, Passport-like systems are a bad idea. I don't give all my data to any company. I changed supermarkets couse they started asking my telefone number when I was paying with my debit card. Why should I trust MS with any of my data ?
Also, it's valid to remember I live in a country (Brazil) where there are no privacy related regulations, and where Microsoft pretty much has a hand on the government's pocket (and, I dare say, several government members have a hand on Microsoft's pocket).
Yeah well.. (Score:2, Funny)
You Know You've Lost When... (Score:5, Funny)
The guy asking these questions, Erik Meijer MEP, probably realized the game was up when the Parliament issued it's preliminary answers [eu.int] in only one format... Microsoft Word.
Bullshit (Score:2)
Re:Bullshit (Score:2)
They have the resources to release WordPerfect and OpenOffice copies.
But they didn't.
Bit like Dell having the resources to offer Linux as a pre-installed option on all their machines.
But they don't.
Re:You Know You've Lost When... (Score:2)
To ask for the Parliament to refit their computers to use a different word processor because somebody doesn't like MS is simply weird. Like it or not (I don't), MS Word is the de facto standard word processor out there... and I strongly doubt that the Parliament uses Word just to "show those MS bashers" or out of love for MS. It just happens to be the best word processor available.
Re:You Know You've Lost When... (Score:3, Insightful)
Not that I'm really advocating using Office's horrible HTML, but, the point is that there's other options.
Re:You Know You've Lost When... (Score:3, Insightful)
`Fine job'? The latest time I needed to view a word document, it happened to be written in Japanese, and used tables. Now, openoffice claims to support Japanese, but in this case, only managed to display about 1% of the text correctly. 1%!
Morever, it's perfectly reasonable to hold a government body to higher standards than an average company -- the government is supposed to think about more than just convenience (read the recent letter from the Peruvian congressman for a more eloquent take on this). There are many more universal formats out there, which at least are documented well enough so that people can write proper viewers for them (e.g., PDF, RTF, HTML, text files...).
[If there's a better way to view word files without word, I'd appreciate some pointers, incidentally. Antiword and openoffice seem to do OK on simple docs, but
Re:You Know You've Lost When... (Score:3, Insightful)
If plain old text will do the job well enough use it, if you need more use RTF or PDF, need more then consider needing less... there's no need for killing your intended recipient.
Re:You Know You've Lost When... (Score:1)
There are also viewers for excel, powerpoint, ...
Re:You Know You've Lost When... (Score:1)
Re:You Know You've Lost When... (Score:2)
It's a bit funny that people are so quick to complain that they don't even try - or is it the old hate for MS that's showing through?
Re:You Know You've Lost When... (Score:2)
He's known to be at least reluctant to support OS.
in related news... (Score:5, Interesting)
Without sending Microsoft any information (Score:1)
Dont remember exactly what it says. If people weren't so dumb in general I'd get mad at Microsoft for assuming we're so dumb.
*rants* the DrugCheese
Hypocrites - EU allowing data retention (Score:4, Interesting)
GILC [gilc.org] members have launced also a lobbying campaing including an open letter, which can be signed here. [stop1984.com]
Here's also Marco Cappato's (the person in charge of the directive in European Parliament) press release about the situation:
PRIVACY/EUROPEAN PARLIAMENT: CAPPATO (RADICALS) "PPE AND PSE TABLE IN THE EP THE COUNCIL PROPOSALS : IN THIS WAY EUROPE WOULD AUTHORISE DATA RETENTION OF EUROPEAN CITIZENS' INTERNET AND TELEPHONE COMMUNICATIONS"
Brussels, 23 may 2002
European PPE (conservatives) and PSE (socialists) have tabled yesterday common amendments to the Cappato report on privacy in electronic communications, that take over the Council positions on all main issues. Their content is in striking contradiction with the EP first reading position as confirmed by the EP Civil Liberties Committee during the second reading.
The discussion in the EP will take place on the 29th of May in Brussels, while the vote will follow on the next day.
Declaration by Marco Cappato, MEP of the Lista Bonino/Radical Party and EP draftsman
on the EU Commission proposal on the protection of privacy in electronic communications:
"With these amendments, PPE and PSE have abandoned the stance that the EP had taken in first reading and confirmed in second reading in the EP Civil Liberties committee, without getting any politically meaningful concession from the Council.
Ana Palacio Vallelersundi (PPE Spanish MEP), President of the Civil Liberties committee (and Spanish conservative Government representative in the Convention) has promoted the tabling in the EP of amendments that take over the (Spanish conservative) Presidency of the Council gaining the support of the Socialist group in the EP, with the only aim of avoiding the conciliation procedure between the Council and the EP and allowing the Spanish Presidency to close successfully the dossier.
PPE MEPs, that had supported until now the freedom for Member States to decide on the regime to adopt on unsolicited commercial communications, opt-out on directories and cookies, now obey to the Spanish Presidency indications and unite with the PSE in supporting a European opt-in system - although in a softened version - in all the abovementioned cases.
But the most controversial issue is that of the powers the Council wants to give to Member States to impose to Telecom and Internet service providers the retaining of data concerning citizens' communications, SMS, emails, Internet surfing. The PPE-PSE amendment (that goes beyond the legal basis of the directive, that is an internal market measure) inserts in the articles the possibility for Member States to provide for data retention, while guarantees for citizens' privacy are left to a reference to the general principles of community law and to the EU Treaty. The reference to the jurisprudence of the European Court of Human Rights is relegated in the PPE-PSE amendment in the recitals (while the EP had included it in the articles).
I appeal to MEPs to ask them to vote following their conscience and not on a party basis, and to follow my request to delete from the articles of the directive the reference to data retention of citizens' communications."
For more informations:
Marco Cappato offices: 0032 2 2847496
mcappato@europarl.eu.int www.radicalparty.org
Re: UK has laws against this...unfortunately.... (Score:1)
Man I'm going to New Zealand.
Not just the EU - the US & others getting this (Score:1)
Council of Europe - Convention on Cybercrime [coe.int]
The US (along with the UK govt) was actually instrumental in developing this policy with the European and other states in the Council of Europe . The Convention is developed from an idea the FBI were punting around in the early nineties [statewatch.org].
It should be noted that the Council of Europe [coe.int] is not part of the EU and should not be confused with the European Council [eu.int]. Don't believe anyone who tells you this came from Brussels - This is a case of the nation states going oustide the EU (with the US, Canada and South Africa and Japan) to make an agreement, then propose it as legislation via the Commission (EU governmental heads together) for the European Parliament to approve. I'm actually glad there are some MEPs with some wits about them and a conscience to try to oppose this.
News just in: G8 Justice and Interior Ministers are pushing for this too [theregister.co.uk]. Surprise!
The real guy (Score:2)
MS pasport fails for 1 amazing reason (Score:1)
nice summary? (Score:1)
Yahoo news [yahoo.com] -- straight off the reuters feed
wtf (Score:1, Offtopic)
In other news, ambient temperature in Hell dropped to a remarkable -12F this afternoon...
Personal Data Need to be Regulated (Score:5, Insightful)
Banks and financial institutions are subject to strict federal regulations in the U.S. with regard to:
At the moment, there are a number of companies that collect sensitive information from consumers, and regardless of what they claim they are doing with that information, no one has any way of knowing if they are honoring those claims. Most public companies would leap at the opportunity to tell consumers whatever they wanted to hear if
The companies in this industry will oppose regulation, claiming that the costs associated with monitoring and compliance would put them out of business *bullshit-the-cost-of-not-being-able-to-prostitute -your-data-will-put-them-out-of-business* Excuse me; I must be coming down with a cold. As I was saying, they will insist upon being allowed to regulate themselves. They must not be permitted to persuade the politicians of this.
Ask your representative or senator to consider what life would be like today if banks and brokerages were not regulated. Then tell them that this is far more serious, because while money can be refunded, information cannot be stuffed back into Pandora's Box once it is released.
Re:Personal Data Need to be Regulated (Score:4, Informative)
Nice post. Good to see the moderators were awake on this one.
Basically what you are describing is the EU Privacy Directive. The gist of the Directive is that companies may not store information on you without telling what they need it for, and not more information than is necessary for the purposes they state. Additionally, they are not allowed to give out your data to third parties without express prior consent. The national laws that implement this directive are backed up by the governments. Some are a little easy on violators, but others are terrifyingly strict.
That's why I submitted this story in the first place; there have been a lot of stories lately about how companies treat personal information, and this was a nice way to show that somewhere in the world there are laws against this, and governments willing to back them up. I think the EU is a bureaucratic monstrosity sometimes, but this they got right.
MartRe:Personal Data Need to be Regulated (Score:2)
I never knew I was putting my information in Microsoft's information store...
Sure, we see signs of this and that but we have no clue what they are really doing. For all I know they could be key logging everything I right now. We simply can't tell because they are bigger than Jesus.
odd random note on passports (Score:2)
So therefore, it is amusing to note that the microsoft service in question, named after a strongly opposed document whose purpose was to control the movement of people, is now being investigated by the same people who came up with the damn document in the first place. clusterfuck anyone?
Two very simple principles of Data Protection (Score:5, Insightful)
Personal data must not be released to a third party without the consent of the party who has given the data
Personal data must not be used for a purpose other than that for which it was collected
Now let's judge Passport against these:
As soon as somebody signs for a Passport account they start getting spam from third parties
As soon as somebody signs for a Passport account they start getting spam
Now, this isn't some precious view about what a pity junk email is - this is a basic breach of fundamental principles of privacy and data protection being perpetrated by a corporation with a large amount of trade in every EU country (and elsewhere in the world).
If they want to trade in the EU and make money here, they have to obey our laws. And our laws on privacy and data protection aren't that onerous - all that is asked is that if you collect personal data that you don't hand it out willy nilly, and that you use it for the purpose for which it was collected. Is that an unreasonable restraint on trade?
Dunstan
Data protection in the US (Score:2)
This can be rather a pain. Suppose I am registered under UK data protection legislation to hold certain kinds of personal data for certain purposes (which I am[1]) and I want to send it to my mate who is also registered to hold the same data for the same purposes.
Am I allowed to send him this data via email, given that I can't prove that the email won't be routed via a US server which isn't subject to any laws protecting personal data?
The simple answer is that we don't know. Different people give different advice and AFAIK there hasn't been a test case.
[1] Under four separate registrations, so far, and I'm being told I need a fifth. Personally I think this is getting to be rather over the top.
Data protection in the EU (Score:3, Interesting)
I was one of the many who wrote in to the EU commisioner to complain about Passport. If you make a lucid complaint and have a valid view on some MS abuse etc, mail the EU. They generally do respond if you're not spamming or flaming and it seems that they do take the issues up.
Passport needs to be open source (Score:2)
Here is something I wrote some time ago for Newsforge [pawlo.com]: 'Microsoft Passport is brilliant in its design. It will solve the problem that is allegedly killing dot com companies all over the world. Without making life online hell for the user you will easily manage micropayments and logins for content providers and e-tailers all over the world. You might like that and you might not, but a lot of companies have been waiting for this solution and I believe it could be successful, if companies and customers trust in Microsoft Passport. But why should we trust Bill Gates and Steve Ballmer? What have they done to gain our trust? They have done nothing of the kind, and that is why Microsoft Passport needs to be open. We need to know what the code is doing, how the data is storaged and we need competition and interoperability on the Microsoft identification market.'
Regards,
Mikael