20 Aug 2014

Energise! Network! Mobilise!

By Heini Järvinen

On 4-5 September EDRi will organise an event Energise! Network! Mobilise! in Belgrade, Serbia, to create awareness for digital civil rights issues, exchange experiences, transfer knowledge and network.


The two day event will be organised in cooperation with the Share Foundation, Wikimedia Deutschland and Vikimedija Srbije.

The panels and workshops will cover a wide scale of digital rights issues, including a panel on violations of Internet freedoms in Serbia (by Share Foundation), a copyright advocacy strategy workshop (by Dimitar Dimitrov, Wikimedia), technical workshops (by kheops, Telecomix), and a panel on civil society capacity-building (by Katarzyna Szymielewicz, Panoptykon).

We invite everyone interested to join us and register here.



04 Aug 2014

EU Commission wants to exchange views with civil society in preparation of the IGF – we want your input!

By Kirsten Fiedler

In preparation of the next Internet Governance Forum (IGF), which will be held in Istanbul on 2-5 September, the European Commission organises an exchange views with civil society and invited us to participate in a webinar on 7 August (see agenda below). The IGF is a platform where activists, industry, academics and policy-makers discuss and develop solutions to Internet governance problems.

While we welcome the EU Commission’s effort to increase the involvement of civil society, we are less sure if this is the solution to ensure “the multistakeholder model works well”. Especially after the NETmundial conference, the future of the “multistakeholder” approach has been heatedly discussed. Hopefully, the upcoming IGF will not only be an opportunity to move forward on this question but also to tackle real problems in Internet governance.

In order to make sure that important issues such as freedom of speech, surveillance, privacy and Turkey’s recent censorship activities are being discussed and tackled, EDRi-member Alternative Informatics Association is organising an Internet Ungovernance Forum (IUF) with logistical support from the Bilgi University.

If you wish us to ask your questions and raise your concerns regarding the upcoming IGF during the webinar organised by the Commission, you can tweet them mentioning #EUIGF #IGF2014 – or send us an email before 6 August to brussels [at] edri.org!

Here is the draft agenda of the webinar:

1. An intense year for Internet governance – taking stock of Internet governance developments
Debrief by the European Commission and exchange of information and views with participants

2. Preparations for the Internet Governance Forum in Istanbul
Debrief by the European Commission and exchange of information and views with participants

3. How can civil society play a bigger role in Internet governance discussions, and in particular in the IGF?
Debrief by the European Commission and exchange of views on on-going fundraising efforts for the IGF Trust Fund and other possibilities for in-kind contributions.

Btw, if you cannot make it in person to the next IGF, you can register for remote participation in the IGF before 15 August.


31 Jul 2014

Good Lord! Lords forget their own right to be forgotten analysis

By Joe McNamee

This week, the House of Lords adopted a report on the Google/Spain case. In their report, they made it very clear that the nonsense around the term “the right to be forgotten” is indeed simply that… nonsense.

The Minister described the expression as “an inaccurate and unhelpful gloss on what happened”. There is no right to be forgotten. All our other witnesses who addressed the issue agreed.*

So far, so sane.

The Lords then appear to have reflected on finding a catchy headline. After all, what is the point in putting out a press release if nobody publishes it? What would be a good headline, they must have wondered… what phrase does the press like so much that none of the facts of the case matter? The choice was obvious… the inaccurate and unhelpful “right to be forgotten”.

‘Right to be forgotten’ is misguided in principle and unworkable in practice, say Lords .

So, when it comes to Google/Spain, the old adage remains faithfully respected and unforgotten – never, ever let the truth get in the way of a good story. Even, it seems, if you have already described your own misrepesentation of the facts as “inaccurate and unhelpful”.

*Emphasis added.



30 Jul 2014

EU Commissioner on ISDS consultation: “An outright attack”

By Heini Järvinen

The European Commission’s public consultation on investor-state dispute settlement (ISDS) in the Transatlantic Trade and Investment Partnership Agreement (TTIP) drew nearly 150 000 responses. The Commission was struck by the demonstration of citizen engagement that the consultation raised, and the massive number of responses paralysed the IT system of the Commission.

“We got almost 100,000 posts, many of them identical,” commented the EU Commissioner for Trade Karel De Gucht. “That was an outright attack,” he added. “The fact that so many responses are identical speaks for a coordinated action.”

The statement is rather contradictory to the Commission’s press release introducing the consultation, published in January 2014, in which the Commissioner highlights his commitment to hearing citizens’ concerns related to ISDS:

“I know some people in Europe have genuine concerns about this part of the EU-US deal. Now I want them to have their say. “

TTIP and its ISDS clause have provoked significant opposition from civil society. It has been critisised for transferring power from independent, legitimate courts, such as European Court of Human Rights, to international arbitration tribunals whose independence and neutrality are highly questionable.

In addition to submitting its own response to the ISDS consultation, EDRi contributed to the process by publishing an answering guide and an online form to help people understand the details of the agreement, and to draft their responses.

Despite categorising the responses as an attack, De Gucht announced that the Commission will examine the contributions and discuss them with the European Parliament and the Member States.

Commission to consult European public on provisions in EU-US trade deal on investment and investor-state dispute settlement (21.01.2014)

TTIP Update XXXIII – 150,000 ISDS Submissions (21.07.2014)

De Gucht speaks of attack – objectors of TTIP paralyse EU Commission (only in German, 19.07.2014)

Online public consultation on investment protection and investor-to-state dispute settlement (ISDS) in the Transatlantic Trade and Investment Partnership Agreement (TTIP)

EDRi: EDRi’s response to the ISDS consultation (18.07.2014)

EDRi: Answering guide to the European Commission’s consultation on ISDS (24.06.2014)

EDRi: Flawed Dutch government study on ISDS (02.07.2014)




30 Jul 2014

French Digital Council publishes report on platform neutrality

By Guest author

The CNNum (Conseil National du Numérique), the French National Digital Council, published a report on 13 June 2014. The report follows a 2013 request from the Ministry of the economy and digital affairs as well as the secretary of state on digital affairs on two issues: the European Commission’s investigation of Google’s dominant market position and CNNum’s analysis on platform neutrality.

The concept of platform neutrality implies that web platforms such as YouTube, Spotify and the Apple Store do not abuse their position to the detriment of other stakeholders. A working group from the CNNum was set up and a series of consultations were conducted in order to hear the opinions of economists, lawyers and other stakeholders.

The report aims at the application of the neutrality principle and the regulation of dGoata systems. It is structured in three main parts: the opinion of the CNNum, thematic fact sheets that clarify that opinion and an in-depth economic analysis of platform neutrality. The full report is available in French and the two main parts also in English, German, Spanish and Italian.

Firstly, the recommendations of the CNNum begin by relying on law in order to ensure platform neutrality. State agencies could assess neutrality levels and transparency requirements could be enforced regarding the functioning of algorithmss. In case of a breach of agreed thresholds, the platforms would be made accountable before the law. Secondly, measures to guarantee fair use of data collection are presented, e.g. give users control over their online information. Thirdly, CNNum advises the foster digital literacy by various government programmes and partnerships. Fourthly, a strategy is put forward to allow for the emergence of new platforms by means of open source standards, open data, cross-platform solutions, etc.

The second part of the report starts with a definition of platform neutrality that precedes the fact sheets. The legal resources fact sheet describes how competition law, business law, consumer law and data law could be updated and used to avoid platform oligopolies. The fairness & sustainability fact sheet explains guiding principles on how to regulate the “big data” phenomenon. The final fact sheet on “positive neutrality” gives concrete examples on how to create an open web environment that prevents the emergence of oligopolies.

The last part of the report is a detailed analysis of the platform landscape. According to this research, the platform oligopolies create a “three-sided market”. The first side of the market is the relationship between the platform and the user. A search engine is accessed by users. In return, users give (often unknowingly) some data to the platform which it can then monetise. The second side of the market is the relationship between the platform and other companies. The platform sells to the companies the access to its user base so that the companies can sell their products. The goal of the companies is to gain visibility on the platform by using advertisements, or generating a good page ranking in search engines by buying sponsored links and keywords. The platforms and companies then use techniques such as targeted advertising in order to increase the efficiency of the ads. According to the report, the comprehensiveness of these techniques leads to a total loss of control over one’s data. The third side is that the platform abuses its dominant position by renegotiating the percentage of earnings of the companies that are given to the platforms as compensation for access to the user base. The platform can also decide to strike exclusive deals with individual companies or even start competing directly in new markets.

The analysis contends that the platforms maintain their dominant position by three main operations: acquisition, diversification and exclusion. Platforms buy innovative start-ups that could threaten their dominance in the long run and/or that can be fruitfully integrated in the already existing infrastructure in order to provide a more diversified platform. The report lists the acquisitions of the GAFTAM (Google, Apple, Facebook, Twitter, Amazon, Microsoft) from 2010 to January 2014, which unequivocally shows that these platforms have been engaging in acquisition and diversification. The last main move of the platforms is exclusion. For instance, the report argues that, when Google introduced Google Maps and Google Shopping, the traffic of websites offering similar services dropped significantly because their page rank suddenly worsened.

The report ends on a very critical note with regards to the platforms and Google in particular, which it accuses of hypocritical storytelling. On the one side, they pretend that free, open services are provided for the general interest, but on the other side, the page rankings are so biased that for instance 80% of Google’s first search page consists of advertisements.

The approach of the French government has its own hypocritical storytelling. The Council of the European Union (EU member state governments) is currently negotiating on the “telecoms single market regulation”, which includes provisions on net neutrality. The French government is taking the position that net neutrality and platform neutrality should be regulated at the same time. The most likely outcome of this approach is to kill the possibility of the EU regulating in favour of net neutrality. If the French government is successful, there will be little or no possibility of the European Commission legislating on either net- or platform neutrality in the foreseeable future.

Platform Neutrality: Building an open and sustainable digital environment (13.06.2014)

(Contribution by Alexandre Bénétreau, EDRi intern)




30 Jul 2014

Russia and Austria take action against use of Tor

By Heini Järvinen

Russian government is offering 3,9 million roubles (approximately 85 000 Euro) for a way to identify users transmitting data over the anonymous web browsing system Tor.

The special technology and communications group of the interior ministry published the tender on the government procurement website in July, offering the reward for “research work, Tor cipher”. The tender was modified on 25 July, but various news sources reported that the original description sought for “research work on the possibility to obtain technical information about users (user equipment) of the anonymous network Tor”.

Tor (The Onion Router) is an anonymity network that directs Internet traffic through a worldwide volunteer network that consists of relays, known as nodes, concealing the location and usage details of users, to protect their privacy. It is used for example by journalists and political activists to guarantee the confidentiality of their communications, but can also be used by criminals to hide their tracks from law enforcement. In Russia, the popularity of using Tor has augmented following the recent measures taken by the Russian authorities to tighten their control of social media and online content in general. According to estimates the number of Tor users has increased in the country from 80 000 to 200 000 in July 2014 alone.

“It’s not important if the Russian government is able to block Tor or not. The importance is that they’re sending signals that they are watching this. People will start to be more cautious,”

commented Andrei Soldatov, an expert on surveillance and security services.

“If you take into consideration how much resources the US National Security Agency (NSA) has used on its attempts to crack the network, it’s very unlikely that anyone could find ground-breaking data security vulnerabilities in Tor for such a sum,” said Ville Oksanen, vice chairman of EDRi member Electronic Frontier Finland (Effi). “The request will benefit the Tor network by calling more attention to its problems and thereby also to resolving them.”

Russia’s reward offer is not the only attempt to limit the use of the anonymity network. Instead of seeking to reveal the identities of Tor users, the regional criminal court in Graz, Austria, adopted another approach that could discourage volunteers from supporting the network. On 1 July, it sentenced a man who operated a Tor exit node to three years of probation and to pay 30 000 Euro in court costs and legal fees. The court considered that he had enabled others to conduct illegal activities staying anonymous, while being aware that the possibility of the technical mechanism that he ran could be used for such purposes. He was convicted based on the section 12 of the Austrian penal code which states that “not only the immediate offender commits the offence, but also anyone who intended another to carry it out, or otherwise contributes to the completion of said criminal action”.

“The decision [was] highly depended on the special circumstances of the case and particularly on the statements of the defendant,” said Maximilian Schubert, general secretary of the Austrian association of Internet Service Providers (ISPA). “We are thus positive that it cannot be seen as a general ruling against Tor services.”

Russia offers 3.9m roubles for “research to identify users of Tor” (25.07.2014)

Russian government offers huge reward for help unmasking anonymous Tor users (25.07.2014)

Reward offered by Russia to crack Tor likely to improve the anonymity network, Finnish expert
views (28.07.2014)

Austrian Tor exit node operator found guilty as an accomplice because someone used his node to commit a crime (02.07.2014)

Internet relay op convicted for child porn (05.07.2014)

7 Things You Should Know About Tor (01.07.2014)




30 Jul 2014

Spain: Why you should care about the Citizens’ Security Bill

By Guest author

On 11 July 2014, the Spanish Council of Ministers adopted the Bill on the Protection of Citizens’ Security. The draft law comes under the authority of the Ministry of Interior which, after “hearing” the opinions of several public authorities and civil society in response to a preliminary text, adopted the bill. The legislation is intended to repeal an existing law of 1992. The proposals are strikingly and disturbingly similar to rules that have been adopted in China and which were proposed, subsequently deemed unconstitutional, in Chile.

Before becoming law, the bill has to go through the two chambers of the Spanish Parliament and, if enacted, some of the provisions of the law would be further developed by implementing regulations (cf. Article 41 and the Third Final Provision of the Bill).

So far, the Government’s proposal has been strongly criticised. Restrictions to the freedoms of assembly and expression in protests received a lot of attention in the media, but some provisions of the bill have barely been discussed.

Measures which have been overlooked in the media include Article 25, which would oblige cybercafés and similar establishments to keep records of their clients’ IDs because these establishments “exercise activities which are relevant for citizens’ security”. Non-compliance with Article 25 would result in fines ranging from 100 to 30 000 Euro. In addition to the pecuniary sanctions, the bill foresees the suspension of licenses, authorisations or permits and even the closing down of facilities (cf. Articles 36 (22), 37(9) and 39). As expressed in the report issued by the General Council of the Spanish Judiciary (a constitutional body that exercises governing functions within the judiciary), this provision broadens the scope of its predecessor, Article 12 of Law 1/1992. Both Article 25 and other provisions described below are likely to restrict data protection, privacy rights, freedom of expression, the right to information or the presumption of innocence, if adopted in their current form.

Other provisions of the Spanish Citizens’ Security Bill raise similar concerns, such as Article 26, which foresees the possibility for certain establishments (including cybercafés) to adopt physical, electronic, IT, organisational or personal security measures (cf. Article 52 of Law 4/2014 on Private Security); Article 43, which creates a Central Register of Infringements against Citizens’ Security “to appreciate recidivism”, i.e. to keep records of repeat offenders; or Article 46, which would allow the authorities that are “competent to impose sanctions in accordance with the [bill]” to have access to the data of the alleged offenders , with the sole safeguard that this access must be linked to an ongoing investigation.

Article 36(26) merits special attention. It establishes that “the non-authorised use of pictures, personal or professional data” of security forces’ officers would be categorised as a serious offence. This Article would complement Article 559 of the Criminal code proposed by the Bill on the reform of the Criminal Code, which is currently going through the Congress. If adopted, Article 559 would also criminalise the “public distribution or dissemination, by any means, of messages or orders inciting the commission of any crimes for disturbance of public order (…) or supporting the decision of committing them”, punishable by up to one year of imprisonment. This provision would, in principle, mean that taking photographs or videos, for example, of misbehaviour of security service staff would incur the risk of prosecution.

Spain is not the first country that tries to implement this type of policies. It is worth remembering that China implemented a similar policy on cybercafés a few years ago. Chinese cybercafés must require their customers’ IDs in order to access their services. As evidenced by an investigation conducted by ‘Information Times’, it resulted in a “significant loss of business”. Chile is another example. The Chilean Parliament intended to impose registration of cybercafé users, but the proposal was declared unconstitutional by the Constitutional Court in 2011.

Bill on the Protection of Citizens’ Security Law (only in Spanish, 25.07.2014)

Spanish government tones down its controversial Citizen Safety Law (28.05.2014)

Report of the General Council of the Spanish Judiciary on the Preliminary Draft Organic Law on the Protection of Citizens’ Security (only in Spanish, 27.03.2014)

The Security Law shall impose ID identification to be able to use phone booths and cybercafés (only in Spanish, 07.04.2014)

Bill on the amendment of the Spanish Criminal Code (only in Spanish, 04.10.2013)

The Constitutional Court in Chile finds a provision on cybercafé users’ register unconstitutional (only in Spanish, 12.07.2011)

China’s Internet Cafes Respond to ID Check Rules (26.07.2010)

(Contribution by Maryant Fernandez Perez, EDRi intern)



30 Jul 2014

Poland: Wojciech Wiewiórowski will remain DPC for the second term

By Guest author

The current Polish Data Protection Commissioner (DPC) will remain on his post for another, second term after the Polish Parliament confirmed his nomination on 25 July 2014. The decision did not come as a surprise: Wojciech Wiewiórowski was the only candidate for the post and hasan excellent background for the role. Just like during the previous nomination process four years ago, EDRi member Panoptykon monitored the process, to ensure its transparency to the public. However, as there was only one – undisputed – candidate for the role, the scope of the monitoring activities was reduced.

Next to the Ombudsman and Children’s Ombudsman, the DPC plays a major role in protecting citizens’ rights and freedoms. However, out of those three, it is the DPC that faces the biggest, challenge; defending privacy in the times of global data flows, addressing “service-for-privacy” business model and mass surveillance. Nevertheless, there are quite a few tools that the DPC can use to do his job: participate in legislative process, recommend legal changes, review individual complains, demand that companies change their practices, impose sanctions if they don’t listen, and run awareness raising campaigns.

Although for citizens living in digital environment this role is becoming more and more important, the political standing of the Data Protection Authority (DPA) in Poland seem to lag behind. DPA’s office has to cope with very modest budget (approximately 3,7 million euros) and far from sufficient number of staff (119 people). When presenting his candidacy, Wojciech Wiewiórowski emphasized that his office is facing the urgent need of increasing the budget and number of staff and investing in new office space.

Wojciech Wiewiórowski is a renowned expert in the area of law and new technologies. His record as previous DPC, especially visible engagement in the process of European data protection reform, gives hope that privacy of Polish citizens will be well taken care of for another four years. On the other hand, the DPC’s powers are certainly not sufficient to ensure strong protection of personal data in a globalized, online environment. It is particularly striking from Polish perspective as none of the leading Internet companies, such as Facebook or Google, is subjected to national data protection supervision. Wojciech Wiewiórowski seems to understand well that this situation has to change. He has already made a public statement that Polish law will have to be revised to implement new European legal framework on data protection, which is expected in 2016.

Parliament appointed the new DPC (only in Polish, 25.07.2014) http://panoptykon.org/wiadomosc/sejm-powolal-nowego-giodo

We monitor DPC elections (only in Polish, 07.07.2014) http://panoptykon.org/wiadomosc/monitorujemy-wybory-giodo

Candidate Questionnaire filled in by the re-elected DPC (only in Polish) http://panoptykon.org/sites/panoptykon.org/files/kwestionariusz_dla_kandydata_wybory_giodo_3_07_2014_w_wiewiorowski.pdf

(Contribution by Anna Obem and Katarzyna Szymielewicz, EDRi member Fundacja Panoptykon, Poland)



30 Jul 2014

Summary report of the responses to the copyright public consultation

By Heini Järvinen

On 23 July 2014 the European Commission Directorate General Internal Market and Services (DG MARKT) published Summary Report of the Responses to the public consultation on the review of the EU copyright rules. The consultation held between 5 December 2013 and 5 March 2014 was part of the European Commission’s effort to review and modernise copyright rules in the EU and to adapt the current system to the digital age.

The consultation drew over 9 500 responses. In addition, the Commission received over 11 000 messages, including questions and comments, related to the consultation. The report mentions the initiatives launched by stakeholders that nurtured the debate around the public consultation, such as “Fix Copyright!”, “Creators for Europe” and “Copywrongs.eu”, and suggests that these initiatives played a part in generating the exceptionally high number of responses.

The respondents were asked to indicate to which group they belong: end users/consumers (e.g. individual citizens, consumer associations), institutional users (e.g. libraries, museums, universities), author/performer (e.g. writers, actors, musicians), publisher/producer/broadcaster, intermediary/distributor/other service providers (e.g. Internet Service Providers (ISP), internet platforms, film distributors, telecom companies), collective management organisations (CMO), public authority, member state or other. The vast majority of responses, 58,7 %, was submitted by respondents categorising themselves as end users/consumers, and 24.8 % of the responses came from authors/performers. The report analyses the responses to the 80 questions of the consultation bundling them according to the category of the respondents, and explaining the general trends that could be seen in the input from each group.

The vast majority of end user/consumer respondents stated they have faced problems when trying to access online services in another member state. They consider the blocking of content to be mostly arbitrary and unpredictable. The majority of broadcasters saw a need to restrict rights on a territorial basis and to guarantee full exclusivity to distributors who are pre-financing productions to enable them to make return on their investment. Some broadcasters, mainly commercial, did not see any need for legislative change, while others, especially public service broadcasters, considered it would be needed. The vast majority of service providers distributing digital content believed that further measures are needed to increase cross-border availability of content.

The majority of end users/consumers and institutional users considered that hyperlinks to a work or other protected contents should not be subject to authorisation by the rightholder. They emphasised that the ability to freely link from one resource to another is one of the fundamental building blocks of the internet. The majority of authors and performers, as well as publishers/producers/broadcasters stated that the provision of a hyperlink to publicly available content should, at least in some cases, be subject to the authorisation of the right holder. According to them, authorisation should be required especially for embedded or framed links within websites, since directing viewers to another site potentially reduces their advertising revenues. Most of the member states that responded considered that hyperlinking does not amount to an act of communication to the public and therefore rightholders’ authorisation is generally not needed.

All but one of the member states that replied to the consultation were against a further extension of the term of protection. They stressed that copyright terms should encourage creation without being longer than justified. The vast majority of authors/performers and CMOs considered that the term of protection currently set out in EU law is appropriate, while the end users/consumers generally considered that the current terms of copyright protection are inappropriate. They pointed out that protection should be shortened since long terms are counter-productive for creators, and a burden to innovation. Consumers would like to see competition between physical and online formats which they believe could bring down prices.

Many end users wanted to preserve or strengthen existing exceptions and limitations, and to provide room for member states to experiment with new exceptions adjusted to the digital environment. Institutional users generally supported copyright harmonisation which implies making exceptions mandatory and harmonising their scope to a greater extent. Authors/performers, publishers/producers/broadcasters as well as CMOs generally considered that exceptions have a damaging effect on cultural production. Most respondents in these groups were against any further harmonisation, which they considered would risk a weakening of copyright protection at the expense of creators. However, a number of authors and performers stated that the private copying exception should be made mandatory and further harmonised and that fair compensation should be ensured in every member state.

Report on the responses to the Public Consultation on the Review of the EU Copyright Rules (23.07.2014)

Public Consultation on the review of the EU copyright rules

BREAKING: Report on responses to Public Consultation on EU copyright now available (23.07.2014)

EU copyright Public Consultation responses Katseries #2: linking and browsing (24.07.2014)

EDRi’s response to the consultation

EDRi’s booklet on copyright




22 Jul 2014

EDRi’s response to FCC consultation on net neutrality

By Heini Järvinen

The US Federal Communications Commission’s (FCC) consultation on net neutrality “Protecting and Promoting the Open Internet” initially had a deadline of 15 July, which was subsequently extended due to the huge volume of responses (reportedly above one million).

Read EDRi’ response to the consultation here:

In Europe, the Council is now now edging towards a decision on whether it should accept or reject the democratic decision of the European Parliament to support net neutrality. As things stand, it appears that the Council will reject the views of European citizens and the European Parliament. The two most likely outcomes are the abandonment of the entire telecoms single market regulation or support for the kind of meaningless, uenforceable, failed “code of conduct” approach chosen by the UK.