15 Apr 2014

Why did UK Labour MEP Arlene McCarthy fail to vote to protect vulnerable children?

By Joe McNamee

On Wednesday 3 April, British Labour MEP Arlene McCarthy sent an urgent e-mail to her colleagues about a vote on “net neutrality” (part of the Telecoms Single Market Regulation) that was scheduled to take place the following day. In her e-mail, she alleged that amendments tabled by the Socialist Group in the European Parliament (of which she is a member) would make the protection of vulnerable children ineffectual. She said that she hoped that her colleagues would join her in voting against the amendments and “ensuring online safety for the most vulnerable in society”.


(Click image to read McCarthy’s e-mail)

She then left Brussels, failing to turn up for the vote. This was not very surprising, as she missed a total of 1880 votes in the last 5 years and has a voting record worse than 88% of Members of the European Parliament. If she actually believed what she was alleging, on the other hand, it would be surprising.

She explicitly attacked her own Socialist colleague, former French Culture Minister Catherine Trautmann, implicitly also accusing her colleagues from the Liberal, Green and GUE/NGL political groups that had signed those (or identical) amendments, of undermining the protection of children.

Remarkably, Ms McCarthy also took it upon herself to invent proof to back up the case she was making (where she did not even identify the amendments in question). She said that campaign website savetheinternet.eu argued that “preventing online censorship is worth more than protecting children online”. Neither the word “child” nor “children” appears anywhere on that website. This statement was simply never made.

We do not know what was happening elsewhere that Ms McCarthy thought was more important than the allegedly crucial vote in Brussels to protect, according to her, “vulnerable children”. All we know is Ms McCarthy left Brussels and chose not to vote.

In the end, the amendments that Ms McCarthy was presumably referring to were adopted by substantial majorities. In the final vote for the legislative resolution, which included the alleged child unfriendly amendments, all of the British Labour MEPs present voted in favour.

So, what does all of this mean? Well, either McCarthy was right or she was wrong. If she was wrong, then:

  • she has defamed Catherine Trautmann MEP and the MEPs from the other political groups and owes them an apology;
  • she has defamed La Quadrature du Net, Access and EDRi and owes us an apology

If she was right, then:

  • she failed in her duties by prioritising whatever it was she was doing when she was supposed to be voting, which is what is expected of a paid full-time Member of the European Parliament
  • all of her UK Labour colleagues voted, in the final legislative resolution, for measures that undermine child protection
  • Mary Honeyball MEP, “Internet Watch Foundation Champion” voted to undermine the protection of children when she voted for the offending amendment during the unanimous final vote in the Culture and Education Committee.

Ms McCarthy was, of course, completely wrong. For more information on what actually happened, click here.

14 Apr 2014

Is Commissioner Malmström accusing herself of violating EU law?

By Joe McNamee

On the 8th of April, the European Court of Justice ruled that Data Retention Directive was incompatible with European law and declared it invalid. Recent comments by Commissioner Cecilia Malmström (whose Home Affairs portfolio covered the Directive) appear to claim that she was always aware of the incompatibility of the Directive with European law.

Addressing journalists in Brussels on Tuesday, DN.se reporter Johan Schück observed the Commissioner say that “the criticism from the ECJ is similar to the objections she herself had against the directive during her time as a MEP”.

More explicitly (albeit also more spuriously), her press release on the ruling “confirms the critical conclusions in terms of proportionality of the Commission’s evaluation report of 2011 on the implementation of the data retention directive”

These two statements that the Commissioner was aware of the incompatibility (whether since her time as a member of the European Parliament or just since 2011) suggest that she failed to respect both her own personal obligations as a Commissioner and the duties of the Commission itself.

On a personal level, Commissioner Malmström swore an oath at the Court in Luxembourg “to respect the Treaties and the Charter of Fundamental Rights of the European Union in the fulfillment of all my duties”. On that day, Commission President Barroso said “the oath of independence and respect for the EU Treaties is more than a symbolic act. The European Commission is a unique institution and the Commissioners have today made clear that they will uphold all the principles and values enshrined in the Treaties and the Charter of Fundamental rights”. All of the principles and values…

In reality, it seems likely that Ms Malmström would have reformed the Directive, if it had not been made very clear to her by Member States that they would not accept a revision of the Directive. However, if this is the reason why she did not undertake the revision that she apparently thought was necessary, this too would have been in breach of her oath to “be completely independent” in the carrying out of her obligations and “to neither seek nor take  instructions from any government or from any other institution, body, office or entity.”

On the other hand, maybe, despite the Commissioner’s claims about having been fully aware of the incompatibility of the measure with European law, she might just be innocent of her implicit arguments against herself. After all, in December 2010, she stated:

We have to recognise that data retention is here to stay, and for good reasons. Access to telecommunications data are, at least in some cases, the only way of detecting and prosecuting serious crime. And in some cases it can be vital to exclude individuals from crime scenes and clearing them of suspicion. We do need data retention as an instrument to maintain security in our Member States. – Conference in Brussels, 3rd December 2010.

Similarly, in April 2011, she argued that “overall, the information we have received indicates that data retention subject to EU regulation is indeed a necessary measure”.

So, she knew, she didn’t know, she might have known, she might have wanted to do something…

For some historical context, see:
29 February 2012: ENDitorial: Member States turn a drama into a crisis for Commissioner Malmström on data retention
April 2011: Shadow implementation report for the data retention Directive
6 April 2011: ENDitorial: Data retention: Is the EC trying to dig itself out of a hole?

09 Apr 2014

ECJ: Data retention directive contravenes European law

By Heini Järvinen

On 8 April, the European Court of Justice ruled that the EU legislation on mass surveillance contravenes European law. The case was brought before the Court by EDRi member Digital Rights Ireland, together with the Austrian Working Group on Data Retention.

While it will take some time to get a clear view of what is going to happen in this policy area, the initial comments from key players may give some clues.

Perhaps the most remarkable comment is from Commissioner Cecilia Malmstroem, who has legal obligation ensure that the Charter of Fundamental Rights is respected. She claimed that her services were fully aware of the incompatibility of the Directive with primary European law for at least three years but chose to do nothing:

“The judgment of the Court brings clarity and confirms the critical conclusions in terms of proportionality of the Commission’s evaluation report of 2011 on the implementation of the data retention directive. The European Commission will now carefully assess the verdict and its impacts.”

The European Court of Justice didn’t provide any guidance on its ruling implications on national legislation. Luxembourg Minister of Justice Félix Braz annouced shortly after the ruling in his statement that “the national legislation, even though it was adopted in application of the invalidated Directive, will remain in place and continue to bind telecom operators”. He added that

“a deep analysis of the national legislation must be conducted to quickly establish whether the respect for fundamental rights in our legislation can be considered as adequate with respect to the ECJ requirements [...] particularly concerning issues related to access to data by judicial authorities and to the definition of serious crime”.

Braz urged the EU institutions to adopt the data protection Regulation as a starting point, in order to define “a general regime establishing a harmonised high level of protection prior to any definition of potential derogations that might include data retention”.

The Romanian Government had no reaction to the ECJ decision, but in the day after the ruling decided to extend the mass surveillance on its citizens in a new draft law: all the citizens that connect to free WiFis must identify themselves to the operators, that need to keep the personal data for at least 6 months. Also, all the pre-paid mobile cards owners have to be present an ID card if they want to buy such a card. All the current 7 million pre-paid card users in Romania need to register in 6 months, otherwise their cards will be de-activated. Impact on human rights? None, according the Ministry of Justice.

Finnish Minister of Education, Science and Communications Krista Kiuru welcomed the decision. She commented:

“Naturally, we must clean out the paragraphs enacted due to the directive. We will gladly adhere to this decision. If we want Finland to be a model country when it comes to data protection, our legislation has be be in accordance with the fundamental citizen rights,”

The ruling may have an impact on ongoing legislative projects in Finland, such as the preparatory work on the online surveillance law.

European Court overturns EU mass surveillance law (08.04.2014)

Data retention directive: Commissioner Malmström’s statement on today’s Court judgment (only in French, 08.04.2014)

Felix Braz: “The judgment of the ECJ clearly states that all the fundamental rights of EU citizens are to be respected” (08.04.2014)

Romanian new draft law (09.04.2014)

ECJ ruled data retention directive illegal (only in Finnish, 08.04.2014)

Finland must revise its data protection laws (08.04.2014)

09 Apr 2014

Net Neutrality – What happens next?

By Heini Järvinen

After the big vote on net neutrality in the European Parliament on 3 April 2014, many people are asking “what now”? The answer is that the Council of Ministers of the European Union will decide what parts of the overall “Telecoms Single Market Regulation” it can accept, which parts it wants to amend and which parts it wants to reject completely. The Council is made up of the ministers responsible for telecommunications from the 28 Member States of the European Union.

The views of the 28 ministers vary widely. On the one hand, countries like the Netherlands and Slovenia see a need to protect the open and pro-competition legislation that they have already put in place. On the other, countries whose governments have, for various reasons, maintained uncompetitive oligarchies in their telecoms markets, would prefer to maintain and expand this approach.

Somewhere in the middle, the UK wants to both have competition and to permit non-competitive blocking, as long as the companies in question tell the consumer what services are being blocked – with the blocked services having not choice other than to pay for access to the ISP’s customers or be cut out of that part of the market. The national regulator, Ofcom, simply wants access providers not to call their services “Internet access services”, if they are not providing access to the full Internet. Remarkably, even though the current “code of practice” in the UK is very weak, some major companies have still not signed up to it. More remarkably still, the UK would prefer to have this confusion multiplied in each of the 28 EU Member States rather than supporting the basic principle that the open Internet should be clearly protected in law.

Obviously, the Commission’s “package” approach (where radio spectrum, net neutrality, enforcement and mobile roaming are squeezed together for no obvious reason) means that unrelated policy areas will be traded off against each other in the negotiations, in order to be able to produce a final legislative instrument. After an overwhelming vote of the European Parliament in favour of net neutrality and the overall package, the big question is whether Council can use its famously untransparent procedures to reject the democratic decision of the Parliament and bounce the new Parliament into rejecting the pro-innovation position that it has just adopted.

The next stage in the process is that the proposals will be discussed under the Greek presidency of the Council until the end of June, and then (under the six-month revolving presidency) under the Italian presidency. As several of the bigger countries in the EU (France, Italy and the UK, for example) are opposed to net neutrality, it will be difficult to build a strong majority. On the other hand, the European Parliament has equal powers, so its strong pro-net neutrality position can only be overturned if it allows this to happen. The upcoming European Parliament elections are therefore crucial for the future of net neutrality.

UK’s net neutrality position

Council voting procedures

European Parliament leads the world with open internet vote (03.04.2014)

(Contribution by Joe McNamee – EDRi)

09 Apr 2014

Turkey removes Twitter ban following court decision

By Heini Järvinen

On 2 April 2014 Turkey’s constitutional court ruled that the ban on Twitter breached laws on the freedom of expression.

The decision follows Prime Minister Recep Tayyip Erdogan’s pledge to “wipe out Twitter” after users leaked information detailing alleged corrupt and illegal activities of several officials. The ban was enacted on 20 March and was in place during local elections on 30 March. Despite this, users experienced little difficulty in circumventing the ban and traffic to the site increased while it was in place.

The ban was since widened by the blocking of YouTube, after material containing what appeared to be a leaked audio recording of Turkish officials discussing possible military operations in Syria was published on the platform.

The court’s decision of to suspend the ban on Twitter on 2 April was welcomed by Turkish president Abdullah Gül and the telecoms industry. Prime Minister Erdogan has publicly expressed his discomfort at the ruling, and stated that it “has to be implemented but not respected”.

The court also ordered  the ban on YouTube to be lifted on 4 April. It is too early to say if the decision will be implemented soon, or if the Turkish government will try to prolong the ban by appealing the verdict. Currently YouTube seems to remain blocked as a “protection measure”.

Youtube: End of the ban ordered (04.04.2014, only in French)

Blocking of YouTube ordered to be finished by the Turkish justice (04.04.2014, only in French)

Turkey lifts Twitter ban after court ruling (03.04.2014)

Officials in Turkey ‘lift Twitter ban’ (03.04.2014)

‘We have to implement it, but we don’t have to respect it,’ Turkish PM says on Twitter ruling (03.04.2014)
http://www.hurriyetdailynews.com/we-have-to-implement-it-but-we-dont-have-to-respect-it-turkish-pm-says-on- twitter-ruling-.aspx?pageID=238&nID=64540&NewsCatID=338

Turkey moves to block YouTube access after ‘audio leak’ (27.03.2014)

(Contribution by Andrew Walsh – EDRi intern)

09 Apr 2014

UK adds format shifting and parody to copyright laws

By Heini Järvinen

The UK government has proposed regulations to add format shifting, parody and non-commercial text mining to copyright laws.

After two major reviews, run by two different governments in 2006 and 2010, recommendations for greater flexibility in copyright have been tabled for voting in the UK. A debate and vote will follow at the start of June.

Calls to reform copyright gained momentum after protest against the Digital Economy Act, when policy makers and politicians felt that the debate was one-sided and focused on enforcement, while the fairness of the system had not been properly looked at. After the 2010 election, economic growth was prioritised, and copyright flexibility was recommended by the Hargreaves Review as one means to deliver new economic activity.

Format shifting, or private copying, will not be accompanied by a levy. Parody and pastiche can use copyright works, albeit that it has to be “fair dealing”. Non-commercial text mining should aid academic research, and other exceptions deal with academic research, education and disability.

Copyright: it’s a long fight to get it right (28.03.2014)

Lord Younger’s response to ORG’s Parody and Format Shifting Campaign (03.04.2014)

Thanks to ORG supporters copyright takes a great leap forward into the 21st century (27.03.2014)

Changes to copyright law and guidance

Tech Weekly Podcast: Jim Killock on why UK online culture is no joke (02.04.2014)

(Contribution by Jim Killock – EDRi member Open Rights Group – UK)

09 Apr 2014

Google fined for Street View violating privacy in Italy

By Heini Järvinen

Google has paid a 1 million euro fine imposed by Garante Privacy, the Italian data protection authority.

The case dates back to 2010 when, Google’s Street View cars drove across the country without being labeled clearly enough to be perfectly recognisable, and thus violating the privacy of citizens being photographed without their knowledge. The data protection authority has also reported to Italy’s judicial authorities that Google has collected data from unrestricted wireless connections to gather people’s personal communications.

Google claims to have complied with everything the regulator required of them at the time. They have taken further steps to make the mapping service cars more easily identifiable and to inform people that the cars plan to pass through their neighborhood.

The EU is seeking to empower national agencies to impose fines of up to 5 percent of yearly global sales for privacy violations, as current penalties can be seen more symbolic than punitive for global companies such as Google.

Google pays $1.4 million fine in Italy over StreetView concerns (03.04.2014)

Google Pays Penalty for Street View Cars Roaming Italy (04.04.2014)

Google pays a fine of 1 million euro fine for the StreetView service (03.04.2014, only in Italian)

Google pays for StreetView (03.04.2014)
http://punto-informatico.it/4023659/PI/News/google-pay-street-view.aspx (in Italian)

09 Apr 2014

Commission opens investor-to-state dispute settlement consultation

By Heini Järvinen

The EU Commission has published a public consultation on modalities for investment protection and on investor-to-state dispute settlement (ISDS) in the EU – US trade negotiations (TTIP / TAFTA). ISDS is the most controversial aspect of these negotiations. The ISDS mechanism gives multinationals the right to sue states before special tribunals if changes in law may lead to lower profits than expected. These tribunals can overturn decisions of our supreme courts. Many civil society organisations see ISDS as a threat to democracy.

There are concerns about the quality of the explanations the Commission added to the questions. For instance, members of EU parliament Franziska Keller (Greens/EFA) and David Martin (S&D) asked the Commission for examples of cases where foreign investors have been denied access to local courts, expropriated, and not paid compensation in the USA. In its answer the Commission gave examples. Professor Jan Kleinheisterkamp, LSE Department of Law, scrutinized the answer and notes that a closer look suggests that the cases actually undermine the strength of the Commission’s argument rather than supporting it. Despite being refuted, the Commission uses the same argument in its explanation of one of the questions in the consultation.

Kleinheisterkamp recalls that in the Loewen ISDS case one of the tribunal members publicly conceded having met with officials of the US Department of Justice (DoJ) prior to accepting his appointment. The DoJ put pressure on him. The incident highlights how vulnerable the ISDS system is for outside pressure. Kleinheisterkamp notes, “[a]s it happens, the US is not known to have so far lost in any investment arbitration.” The incident raises the question how much influence outside pressure can have on the outcome of ISDS cases. An argument for inclusion of ISDS in TTIP is that if ISDS is not in TTIP, China may object to having ISDS in its trade agreement with the EU. But the vulnerability to outside pressure defeats the sense of including it in trade agreements. What if China will also be able to pressure arbitrators?

The Commission takes pride in “introducing modern and innovative provisions clarifying the meaning of those investment protection standards that have raised concerns in the past”. But the Commission does not go as far as the options suggested in the “UNCTAD World Investment Report 2013, Global value chains: investment and trade for development,” which describes systemic deficiencies of ISDS. The Commission appears to have no desire to repair systemic deficiencies which could be repaired.

Moreover, core features of the ISDS system are widely seen as design flaws, examples are: giving companies equal standing to states, unequal standing (as citizens do not have standing) and placing specialised investment panels above general supreme courts. These flaws are inherent design flaws as they can’t be taken out without abolishing the ISDS system.

The Council and Parliament reached an agreement on a draft regulation that establishes rules for managing the financial consequences of ISDS disputes. The regulation is a preparatory step to the inclusion of ISDS in EU trade agreements. The Council notes that the agreement should enable the regulation to be adopted at first reading, before the Parliament adjourns for elections at the end of May. The vote will reveal which members of the parliament are in favour of this inherently flawed system.

Online public consultation on investment protection and investor-to-state dispute settlement (ISDS) in the Transatlantic Trade and Investment Partnership Agreement (TTIP)

Question Franziska Keller (Verts/ALE) and David Martin (S&D), E-013215-13 (21.10.2013)

Answer given by Mr De Gucht on behalf of the Commission, E-013215/2013 (27.01.2014)

Jan Kleinheisterkamp, Is there a Need for Investor-State Arbitration in the Transatlantic Trade and Investment Partnership (TTIP)? (14.02.2014)

UNCTAD, World Investment Report 2013 Global value chains: investment and trade for development

Jane Kelsey and Lori Wallach, “Investor-State” Disputes in Trade Pacts Threaten Fundamental Principles of National Judicial Systems

Vrijschrift, Investment tribunals above supreme courts (1.01.2014)

S2B, Campaigners slam Commission’s mock consultation on investor rights in EU-US trade deal (27.03.2014)

Investor-state dispute settlement: Council confirms deal with EP (04.04.2014)

(Contribution by Ante Wessels – FFII)

09 Apr 2014

Human rights orgs form coalition against surveillance exports

By Heini Järvinen

A campaign against the export of surveillance and oppressive technologies to dictators has recently been launched in Brussels, called The Coalition Against Unlawful Surveillance Exports (CAUSE). The campaign is coordinated by a coalition of organisations that includes EDRi member Digitale Gesellschaft, Amnesty International, Open Technology Institute and Privacy International. The objective of the campaign is to hold governments and private companies accountable for abuses of surveillance technology, said to be worth $3-$5 billion annually in international trade.

“Through a growing body of evidence, it’s clear to see how widely these surveillance technologies are used by repressive regimes to ride roughshod over individuals’ rights,” said Kenneth Page from Privacy International. “The unchecked development, sale and export of these technologies is not justifiable. Governments must swiftly take action to prevent these technologies spreading into dangerous hands.”

In an open letter published on the campaign homepage, CAUSE expresses “grave concern at the development and the irresponsible sale and export of surveillance technologies across the world, where they are being used by oppressive and authoritarian regimes for internal repression of their citizens and in violation of a range of fundamental human rights … The proliferation of these technologies allows for mass surveillance of entire countries, via hacking computers or phones, mapping, profiling and analysing social networks, installing malware allowing for surreptitious extraction of data, and mass Internet monitoring and filtering through the tapping of under-sea fibre-optics cables that carry all communications traffic in and out of countries. These technologies enable regimes to crush dissent or criticism, chill free speech and destroy the fundamental rights that underpin democratic societies.”

The campaign aims to influence governments to take action on these issues and to address serious regulatory shortcomings. It seeks to also encourage private companies to take moral responsibility for the impact of their technology.

Coalition Against Unlawful Surveillance Exports

New global coalition urges governments to keep surveillance technologies in check (03.04.2014)

(Contribution by Andrew Walsh – EDRi intern)

09 Apr 2014

Data Retention ruled invalid: what does this mean for Kosovo?

By Heini Järvinen

The European Court of Justice published on on 8 April its verdict on the Data Retention Directive, ruling it invalid. The court’s decision follows years of strict enforcement by the Commission, which has gone so far as to seek financial penalties from a number of Member States that did not implement the measure on time. It is also worth considering, however, the impact of the Directive on other states and their citizens. The court ruling is likely to have a tangible impact elsewhere, particularly in candidate and “potential candidate” countries for EU membership, such as Kosovo. This is evident in an obscure Kosovan “Draft Law on Interception of Electronic Communication” that plans to enable dragnet data collection operations and enshrine murky legal boundaries for intelligence agencies’ activities.

The proposal in question would grant law enforcement agencies extensive powers of surveillance on the basis of “lawful authorisation”. Worryingly, the document states that “typically” “this refers to a court order or warrant issued by the competent court, and in certain cases the prosecution or the director of the Kosovo Intelligence Agency”. Problems with “competent courts” (let alone non-judicial safeguards) are well established. In the US, between 2010-2012 the NSA’s supposed oversight body FISA did not deny a single application and complained of being systematically misled. For the same reason, a UK Member of Parliament recently likened The Government Communications Headquarters’s (GCHQ) oversight mechanism to an episode of the satirical British comedy “Yes Prime Minister” in which a minister is manipulated into doing whatever his civil servants wanted – a tongue-in-cheek reference to the blanket approval of GCHQ’s proposals.

So it’s clear that a “competent court” doesn’t inspire much enthusiasm for meaningful oversight. What’s even more concerning is that the director of Kosovo’s intelligence agency appears to be granted extra-judicial authority in granting lawful authorisation for surveillance. The document defines “data” as “location data and other necessary data to identify the subscriber or user”. The intent to personally identify citizens through a process that does not even require judicial oversight should be a cause for alarm.

In terms of how this “lawful authorisation” can be used, the draft law would require network operators to, “without undue delay, make available to the Authorized Institution call-related data, such as … outgoing calls … incoming calls … [and] all signals emitted by the interception target”. It would give law enforcement agencies extensive powers to intercept telecommunications data of all forms. It also includes provisions for data retention established in Article 12.

What’s clear is that the impact of the Data Retention Directive has been to establish mass surveillance and the lack of due process as a precedent in the international sphere. Kosovo’s concern for European law stems from its application for accession to the European Union. For this reason, the Minister for European Integration Vlora Citaku responded to criticism of the draft law in a Tweet saying:

“the law was in Brussels for 6 months, council of Europe and EU commission made sure best EU practices are reflected.”

That is the legacy of the Data Retention Directive. As members of the European Parliament discuss taking the lead on digital rights, it is crucial that the Commission recognises the impact of its legislation on both Member States and their neighbours. We hope that, in keeping with what are now much better EU practices, the draft Kosovan legislation will be abandoned.

UPDATE: On 8 April the draft law was updated in response to the ECJ’s ruling. Minister Vlora Citaku has publicly stated that EU standards will apply, although the amendments to the draft law that would bring it into line with the ECJ ruling so far appear to be insufficient.

Draft Law on Interception of Electronic Communication

Tweet referenced (03.04.2014)

New draft legislation proposed 8 April 2014

Minister Vlora Citaku’s Tweet addressing changes to legislation (08.04.2014)

(Contribution by Andrew Walsh – EDRi intern)