Civil Society representatives, user and consumer advocates were left almost speechless yesterday, October 11, at a hearing organised by the European Commission on Digital Rights Management. Due to the invitation policy of the Commission's DG Internal Market, the event, organized to help the Committee established under Article 12 of the EU Copyright Directive evaluate the way Article 6 of that same Directive is being transposed, was entirely dominated by the Digital Rights Management Iindustry and by representatives of collecting societies.

In response to an informal consultation by the European Commission on a report on the future of Digital Rights Management (DRM), several digital rights organisations have sent in statements. The report was prepared by a High Level Group consisting of companies and industry groups. As user representative only the European Consumers Union (BEUC) was invited to participate, and it withdrew its support from this report.

EDRI member FIPR points out the democratic failure of this process. "The consumer representative (BEUC) was unable to subscribe to most of its recommendations. It is quite improper for the Report to nonetheless represent its findings as a 'consensus'."

The German group Privatkopie.net "urges the commission to create conditions under which the privacy of information users and their 'right to read anonymously' are guaranteed." A similar point is made in the Italian response (including Associazione Software Libero and the Italian Linux Society). "We notice that leaving it to 'rights holders to build balanced business practices with their customers' is a short-sighted position because it does not consider that the balance between right holders and society - the pivot of all laws on human intellectual production and on the related economic exploitation - cannot be guaranteed neither by one of the two sides alone nor by the market tout court." And the Italian paper concludes with the demands that no personal or characteristic data of the user should be required, detected or used when not absolutely necessary to the authentication mechanism and DRM systems may not include or allow user tracking features.

The European Commission has decided today, 25 August 2004, to examine in depth the joint acquisition by Microsoft and TimeWarner of ContentGuard. This company, formerly owned by Xerox, is a world market leader in so-called Digital Rights Management technology. It has developed the Extensible Rights Markup Language (XrML). Microsoft has eyed the company for a long time and made considerable investments before announcing last April to couple up with Media Company TimeWarner in order to buy the remainder of the company. In July, Microsoft and TimeWarner filed a request for clearance of the deal with the EU's merger control authorities. After a relatively brief review, the Commission has now decided to examine the planned acquisition in depth. "Under Microsoft's and Time Warner's joint ownership", the Commission declares in a press release issued today, "ContentGuard may have both the incentives and the ability to use its IPR portfolio to put Microsoft's rivals in the DRM solutions market at a competitive disadvantage." The merger controllers, still headed by the Italian Mario Monti, recall former competition cases involving browsers and media players. But they also take other EU objectives with a direct influence on competition issues into account: "This joint acquisition could also slow down the development of open interoperability standards. As such, this would allow the DRM solutions market to 'tip' towards the current leading provider, Microsoft." The Commission must reach a final conclusion within four months from now on, i.e. until 25 January 2005. Most of the investigation will then be headed by the Dutch Commissioner Neelie Kroes, who has a reputation of being more Microsoft-friendly than her predecessor Mr. Monti.

The deadline is nearing for two important consultation rounds from the European Commission, on mandatory data retention and on copyright.

European Digital Rights is working hard on a thorough answer on the EU plans for mandatory retention of all internet and telephony traffic data. The document will be made publicly available on the EDRI website, and EDRI will participate in the public hearing following the consultation on 21 September 2004. But more input, both from the industry and civil society, is urgently needed in order to have any impact on the decision making process. EDRI calls on all readers of this newsletter to send in responses on the consultation and protest against the proposal to store extensive sensitive data about all EU citizens. At the request of Privacy International, the UK lawfirm Covington & Burlington has prepared an extensive legal argument against general data retention, for violating fundamental human rights. Please feel free to use any arguments from this document in your answer, with reference to the original document.

The European Commission is organising two interesting public consultation rounds, on nanotechnology and on digital rights management (DRM).

The consultation on nanotechnology invites public feedback on the communication 'Towards a European Strategy for Nanotechnology', in which the Commission proposes an integrated and responsible approach for developing nanosciences and nanotechnologies in Europe. All interested people are encouraged to take part by directly writing to the Commission rtd-nano-strategy@cec.eu.int by 30 September 2004.

Commission press release: How big is nanotechnology for Europe? (30.06.2004) http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/04/1005...

Online questionnaire about nanotechnology http://www.nanoforum.org

The European Commission has funded a new project to make Digital Rights Management more acceptable to consumers. INDICARE (the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe) is distributing its first e-mail newsletter this week. The newsletter includes links to articles on the INDICARE website that are conceived as the starting point for online discussions. Under the E-Content programme 2003-2004 1 million euro is allocated for 'accompanying measures' like community building.

DRM-technology is seen by both the Commission and the (multi-)national entertainment industry as the best solution to control copyrights in a digital environment. Civil rights organisations, data protection authorities and consumer unions however are not very keen on giving complete control over their reading, listening and watching habits to industrial parties. Initiatives to integrate DRM in both hard- and software, like the TCPA initiative, have strongly been criticised for violating fundamental freedoms of computer and internet usage.

The Union for the Public Domain is organising a survey about the way governments act in the preparation of the proposed WIPO Broadcasting Treaty. The draft stands to give broadcasters the power to regulate copying, reproduction, distribution and right of transmission. It would extend the length of these powers from 20 to 50 years, and some versions expand the powers to web-casting. The treaty would also make it illegal to circumvent technological protection measures like broadcast flags. All of this even if the broadcast is of a public domain work.

One of the major difficulties of protecting the public domain against these threats is that the positions of national representatives in these international forums are unknown, even to citizens of the country they represent.

The Union for the Public Domain calls on all interested citizens to first contact the co-ordinator and then use the questionnaire to collect information about national positions. The results will be posted on the unions website.

The Article 29 Working Party, the European collaboration of the Data Protection Authorities, has published a (brief!) 'Working Document on Trusted Computing Platforms and in particular on the work done by the Trusted Computing Group (TCG group).' It is a balanced description of 'work in progress', since there are not many end-user applications yet, besides some widely published tests with Digital Rights Management.

The document offers general observations derived from privacy principles, like the need to distinguish between usage in a corporate and in a private environment and the need to provide clear information to users, while always protecting the security of data.

"Both those who design technical specifications and those who actually build or implement applications or operating systems bear responsibility for the data protection aspects, although at different levels. Those who build, commercialise and use the applications bear responsibilities as well, especially organisations that process user data, as they will normally be the last one in the chain and the ones who interact with the user."