self-regulation

A measure which would be illegal if implemented by a government should also be illegal if implemented by industry as a “voluntary” measure, as a result of government pressure or for public relations or anti-competitive reasons. However, as key international legal instruments, such as the European Charter of Fundamental Rights and the European Convention on Human Rights, as well as national constitutions are binding for states and governments, they are not directly applicable to other entities, such as private companies. As a result, there is a major trend towards governments persuading or coercing companies to impose restrictions on fundamental freedoms under the guise of “self-regulation,” thereby circumventing legal protections.

01 Oct 2014

Net neutrality: NGOs and industry join forces in an open letter to EU ministers

By Kirsten Fiedler

Today, EDRi together with several NGOs, consumer groups and industry representatives sent an open letter to the Council of the European Union, calling for Telecoms ministers to support strong net neutrality rules in the EU. The Council is currently reviewing the proposal of the Telecoms Single Market Regulation, voted on by the European Parliament in April.

The European Parliament took a major step to protecting the open internet in Europe and to setting a global standard for online freedoms. Despite fierce lobbying from a coalition of the European Commission and former monopoly telecoms operators, Parliamentarians have supported the principle that the internet should remain open, competitive and democratic. It is now up to the Member States in the Council to confirm Europe’s support for a free and open Internet.

01102014-Letter-NN

 

The full letter and list of signatories can be found here (pdf) and below:

Dear Ambassadors,

Please make your relevant Ministers aware of this call to support net neutrality rules in the proposed Telecommunications Single Market Regulation.

We understand that you are currently involved in the Council of Ministers discussions on the proposed European Telecommunications Single Market Regulation. We, the undersigned organisations, are committed to an open, transparent and secure Internet and would like to call on you to support strong open Internet provisions as part of this proposal.

The open nature of the Internet is a key driver for innovation and economic efficiency and for fostering informed citizenship and plurality of opinions, creating a vital need for effective rules on net neutrality at EU level. Providing a clear EU regulatory framework on net neutrality would bring much needed certainty for sustained investment in innovative online content and applications that are available to everyone equally and boost consumers’ trust in the Internet and the digital society.

Net neutrality allows consumers and citizens across Europe to enjoy unfettered access to the Internet, regardless of the content, services and applications they use. This principle enables everyone, including innovators and entrepreneurs, to communicate with everyone, both in Europe and globally. Net neutrality is indispensable for innovation and growth, for the fundamental right to receive and impart information and for investment in next generation broadband.

We now call on the Council to take a strong stance on net neutrality.

Studies by regulators have unequivocally demonstrated that clear rules are necessary to halt discriminatory practices. Sound rules on net neutrality should include a clearly stated non-discrimination principle for Internet access providers. These rules allow Internet access providers to manage traffic but it should neither be prioritized nor discriminated against based on the content, services, applications, or devices that are being used. Internet access providers should clearly be able to offer customers internet access packages with different speeds and volumes – as long as they treat services and applications in a non-discriminatory manner.

Such rules should not prevent Internet access providers from offering “specialised services” if they wish, as long as they do not degrade or impair internet access services and are not discriminatory. National regulators must have both effective tools and clear obligations to prevent this from happening and should analyse and address each case on its merits.

EU-wide rules that include these principles will ensure that users, not Internet access providers, decide what applications and content they use, and enable entrepreneurs to market their services across the Union. It will be a significant step towards a true digital single market and avoid individual countries adopting different, perhaps incompatible legislation. Finally, it will demonstrate a commitment by Member States to respond to the demands of citizens, the European Parliament, and businesses across Europe.

The upcoming negotiations between Telecoms Ministers are an opportunity to send a clear signal to the other EU institutions and the European public that there is a political will to establish an EU framework which enables the EU to take up its role as a champion of the open Internet. We therefore call upon you to work towards the inclusion of robust net neutrality provisions in the Telecommunications Single Market Regulation proposal which would provide certainty for providers of innovative online content, applications and services, enhance transparency for end-users, and boost consumers trust in the Internet.

The contributors of this open letter are:

close
24 Sep 2014

ENDitorial: Italian position on IP Enforcement – the essence of insanity?

By Joe McNamee

On 11 September, the Italian Presidency of the European Union submitted a discussion paper to the Council (see link below). The paper explains that, following the “review of Directive 2004/48/EC”, the controversial, so-called “Intellectual Property Rights Enforcement Directive” (IPRED) and the public consultation, it is “clear that the current legislative framework is not necessarily fit for purpose”. This is not an unreasonable assessment. It is also not surprising that the Italian Presidency mistakenly believes that there was a review of the Directive, bearing in mind the volume of unproductive European Commission activity (two “roadmaps, one conference, two consultations and an implementation report) that there has been on the topic. Unless the “review” they are referring to is the implementation report which, curiously enough, does not contain the word “review”.

However, having established that the current legislative framework is not fit for purpose, the best thing that the Presidency can think of proposing is to expand and deepen the failed, not fit for purpose enforcement measures that are currently in force. The Italians apparently hope that, if they do the same thing over and over again, different results will be produced.

The document calls for “clarity” on the retention of personal data by intermediaries and the use of such data to identify infringers. They propose this even though the European Court of Justice has ruled that wide-scale retention of personal data for law enforcement purposes, even for serious crime, is contrary to the primary law of the European Union. In order to avoid abuses (that the Italian document helpfully recognises as a real possibility), it proposes that enforcement efforts focus on “commercial scale infringements”. It does this, in apparent ignorance of the fact that the European Commission, in one of its roadmaps for a review of the Directive, indicated that a clearer definition of “commercial scale” is needed in order to avoid individual consumers being unfairly targeted.

Rather than seeking to reform the legal framework, which it describes as not “necessarily” fit for purpose, rather than reforming the definition of “commercial scale”, the Italian Presidency suggests a directionless reflection on the possibility of imposing policing duties on undefined Internet intermediaries. It foresees obligations requiring them to somehow “know” their customers in order to… well, they don’t actually tell us.

In the same vein, the Italian Presidency implicitly supports expanding the range of Internet intermediaries on which injunctions can be imposed. It also supports expanding the range of injunctions that can be imposed and expanding the geographic area covered by them – creating the possibility of cross-border or pan-European injunctions. Unsurprisingly, the document makes no reference whatsoever to any research indicting that such measures would be necessary or proportionate.

Mysteriously, bearing in mind that the currently enforced version of the Directive permits orders “to pay the rightholder damages appropriate to the actual prejudice suffered by him”, the Italian Presidency suggests that action be taken to “ensure that damages awarded are sufficient to cover the prejudice suffered”. This suggests that European courts are not competent enough to work out what appropriate damages might be, under the current legal framework – with, again, no hint of any evidence to back up this position.

In fairness to the Italian Presidency, the incoherence, incompetence and ineptitude of the document echos the failings of the Commission’s recently published Communication on IP Enforcement. Perhaps the Italian Presidency is only guilty of passing off a European Commission document written as its own – in the name of “intellectual property”.

Enforcement of intellectual property rights – Presidency paper (11.09.2014)
http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2013076%202014%20INIT

Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (02.06.2004)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32004L0048R%2801%29

Report: Application of Directive 2004/48/EC on the enforcement of intellectual property rights (22.12.2010)
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52010DC0779&from=EN

Consultation on the Commission Report on the enforcement of intellectual property rights (2011) http://ec.europa.eu/internal_market/consultations/2011/intellectual_property_rights_en.htm

Proposal for a revision of the Directive on the enforcement of intellectual property rights (2011)
http://ec.europa.eu/smart-regulation/impact/planned_ia/docs/2011_markt_006_review_enforcement_directive_ipr_en.pdf

Commission Communication on civil enforcement of IP within the Internal Market (2013)
http://ec.europa.eu/smart-regulation/impact/planned_ia/docs/2013_markt_036_civil_enforcement_ip_en.pdf

European Commission Communication: Towards a renewed consensus on the enforcement of Intellectual Property Rights: An EU Action Plan (2014)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52014DC0392

European Commission IP Enforcement page: The Directive on the enforcement of intellectual property rights
http://ec.europa.eu/internal_market/iprenforcement/directive/index_en.htm

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

Panoptykon called on MEPs to stop mass surveillance

By Guest author

On 11 September 2014 digital right activists and advocates around the world commemorated the anniversary of 9/11 terrorist attacks on the WTC as the Freedom not Fear Day. It reminded decision makers and society as a whole that “absolute security” is a fallacy that can never be achieved, even in return for giving up all citizens’ rights and freedoms. EDRi-member Panoptykon Foundation used this opportunity to remind the Members of the European Parliament (MEPs) about their promises to end the mass surveillance.

On 12 March 2014, after a series of public statements made by politicians, activist and experts (including Edward Snowden), the European Parliament adopted strong resolution against mass surveillance, and MEPs called both Member States and European institutions to take political measures and adopt stronger legal guarantees in order to end mass surveillance programmes carried out by European and American agencies. Now that the summer holidays are over and the newly elected MEPs have moved to Brussels, it’s time for the European Parliament to follow up on recommendations adopted in the previous term. Panoptykon came up with a list of concrete steps that could be taken by Members of the European Parliament and called Polish representatives to get active.

The list of recommended actions that MEPs found in their mail boxes on 11 September included:

  1. Exerting pressure on the Council and national governments to speed up the reform of the data protection regime.
  2. Ensuring that the “umbrella agreement” between the EU and the US on data protection for law enforcement purposes does not allow broad national security exemption.
  3. Pressing for constant evaluation of the Safe Harbour, PNR and SWIFT agreements in order to find out whether data protection safeguards are respected in practice.
  4. Including mass surveillance as an issue in the hearings of the candidates for new Commissioners.
  5. Continuation of the LIBE committee investigative work on the basis of new disclosures.

Freedom not Fear – 11 September we celebrate the International Day of opposition to surveillance (only in Polish, 07.09.2010)
http://panoptykon.org/wiadomosc/wolnosc-nie-strach-11-wrzesnia-obchodzimy-miedzynarodowy-dzien-sprzeciwu-wobec-inwigilacji

European Parliament: there is no consensus on mass surveillance, you need to increase oversight of special services (only in Polish, 12.03.2014)
http://panoptykon.org/wiadomosc/parlament-europejski-nie-ma-zgody-na-masowa-inwigilacje-trzeba-zwiekszyc-nadzor-nad-sluzba

Appeal to the European Parliament: Time to fulfill your promises and stop mass surveillance! (only in Polish, 10.09.2014)
http://panoptykon.org/wiadomosc/apel-do-parlamentu-europejskiego-czas-spelnic-obietnice-i-zatrzymac-masowa-inwigilacje

(Contribution by Katarzyna Szymielewicz and Anna Obem, EDRi-member Fundacja Panoptykon, Poland)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

The Turkish government tightens its grip over the Internet

By Heini Järvinen

On 8 September 2014, the Turkish parliament passed an amendment to the already draconian Internet law. The amendment allows the Turkish Telecommunication Authority (TIB) to block (without a court order) any website that appears to threaten “national security or public order”. Internet Service Providers (ISPs) are required to execute the blocking order of the TIB within four hours. This enables the government to block content quickly and without due process of law.

In addition to allowing blocking of websites without a court ruling, the law also obliges ISPs to store all data on web users’ activities, such as browsing history, for two years, and make it available to the authorities upon request, without a court order.

The new law, as well as other recent actions of the Turkish government, have raised concerns about freedom of speech in the country. The large majority of the traditional mainstream media is either directly or indirectly under the government control, and the Internet remains one of the few channels for free speech in Turkey, but the government is continuously increasing the measures to control also the Internet.

During the last few years, the Turkish government has blocked sites which broadcast recordings that appear to indicate corruption of government officials and appear to show dubious relationships with the fundamentalist organisations in Syria and Iraq. In spring 2014, social media platform Twitter and a video-sharing website YouTube remained blocked for several weeks. “National security and maintaining public order” were used as justifications also to this blocking.

Turkey becoming intelligence state with new Internet law (09.09.2014)
http://www.todayszaman.com/national_turkey-becoming-intelligence-state-with-new-internet-law_358245.html

Turkey tightens Internet controls, weeks into new government (09.09.2014)
http://in.reuters.com/article/2014/09/09/turkey-internet-idINKBN0H41AJ20140909

Turkey tightens grip over the internet (09.09.2014)
http://online.wsj.com/articles/turkey-tightens-grip-over-the-internet-1410279325

Turkey: Internet freedom, rights in sharp decline (02.09.2014)
http://www.hrw.org/news/2014/09/02/turkey-internet-freedom-rights-sharp-decline

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

France adopts anti-terror law eroding civil liberties

By Guest author

On 18 September 2014, the near empty French National Assembly adopted the “law strengthening the provision relating to the fight against terrorism”. In an atmosphere marked by “apocalyptic” anxiety and speeches on the terrorist threat, particularly within the Internet, minister Bernard Cazeneuve and rapporteur Sébastien Pietrasanta wore down all opposition, blocking any further reflection on the serious breaches of the rule of law that are brought on by this bill.

The evaluation of the proposal turned into a game of “who can propose the most extreme measures” between Minister Bernard Cazeneuve, rapporteur Pietrasanta and representatives from across the political spectrum.

Despite criticism on both the content and form of the law increasing (including from the media usually unwilling to raise their voices on such issues), many Parliamentarians were ready to give up fundamental freedoms in the name of the fight against terrorism.

The most discussed articles at the Chamber had already been identified as problematic early on by the French civil rights organisation La Quadrature du Net. These include:

  • Travel restrictions, control of freedom of movement via bans on leaving the country (Article 1);
  • Removal of the concept of “apologie du terrorisme” from the French press law of 1881 (Article 4);
  • Creation of an individual corporate terrorist offence and creation of an offence of regularly visiting terrorist websites (Article 5);
  • Administrative blocking of Internet websites that promote terrorism (Article 9).

During the examination of the text, Bernard Cazeneuve evaded difficult questions, taking refuge in half-truths. For instance, he referred to the intervention of the administrative judge in the blocking process and suggested that he or she would systematically intervene as a mediator – while the text of the law foresees no such thing. Through denigration of his opponents and against the press that raised concerns about the law, he showed that his objective was mainly to pass ad hoc legislation to ease red tape for the police, rather than producing a proper law.

In order to engage citizens and volunteers to take part in the debate before the vote, to raise awareness and to influence the parliamentarians, La Quadrature du Net created a website “presumes-terroristes.fr” (presumed terrorists) which provides a thorough analysis of the law, its consequences and dangers. Other associations, such as Reporters Without Borders and the Human Rights League, joined the campaign.

The Senate will consider the text in the coming weeks. Even if the dangers of this law caught the attention of civil right associations already several months ago, media and press attention came very late. La Quadrature du Net calls on citizens to contact their Senators to raise awareness as early as possible about the dangers of this law, and continues to raise awareness, as it is crucial for the legislative process and could profoundly change the text during its reading at the Senate.

France’s new anti-terror bill: All presumed terrorist until proven guilty? (22.06.2014)
http://www.laquadrature.net/en/frances-new-anti-terror-bill-all-presumed-terrorist-until-proven-guilty

“Presumes-terroristes.fr” (presumed terrorists)
https://presumes-terroristes.fr/

Terrorism: a dangerous bill (15.09.2014)
http://www.lemonde.fr/proche-orient/article/2014/09/15/terrorisme-un-projet-de-loi-dangereux_4487639_3218.html

(Contribution by Christopher Talib, La Quadrature du Net)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

Romania: Mandatory prepaid SIM registration ruled unconstitutional

By Guest author

The Romanian Constitutional Court (CCR) ruled on 16 September 2014 that a law that required the mandatory registration of all prepaid SIM cards and free WiFi users, is unconstitutional, as a whole.

The Court reviewed the law as a result of the Romanian Ombudsman’s objection concerning its possible unconstitutionality. Several human rights NGOs asked the Ombudsman in July 2014 to notify the CCR regarding the law which had been recently adopted, and to ask the Court to rule on the law’s constitutionality before its promulgation by the President.

Also, on 15 September 2014, a Romanian association for the defence of human rights APADOR-CH and EDRi-member ApTI submitted an amicus curiae requesting the CCR to rule the law unconstitutional, as it breaches the right to privacy.

The Court ruled that

“the law’s provisions are not precise and predictable, and the manner in which the necessary data regarding the registration of prepaid SIM cards and WiFi hotspot users is retained and stored does not provide sufficient means to guarantee the necessary efficient protections for these personal data against abuse or any other kind of unlawful access to and use of these data.”

The full argumentation on this case will be published in approximately one month in the Official Journal.

This is the second important ruling of the CCR on privacy issues, after its decision from 8 July 2014 that declared the second data retention law unconstitutional.

The decisions triggered quick and aggressive reactions in the media from the Romanian Intelligence Service (SRI), Romanian Ministry of Internal Affairs, and politicians from the Committees supervising the SRI activity, all claiming that the CCR decisions have made a “legal vacuum” and now the terrorists will flood Romania to buy prepaid SIM cards.

In an unprecedented move, the CCR issued a press release counterattacking those arguments and reiterating the legal arguments used in their decisions. The SRI came back the following day with a press release with more allegations that in these circumstances the institution may not defend the national security and that now anonymity is allowed in communications.

But one should not be fooled by the smoke, as all this “security-forces-alleged-drama” has some real interests behind it.

First, as the full argumentation behind the unconstitutionality of the prepaid law was not published yet, it is meant to pressure the CCR to water down the decision, so that another law could be initiated.

Secondly, the security institutions in Romania want to push a new data retention law and another attempt (it would be the fifth one now) for mandatory prepaid SIM cards as quick as possible.

Thirdly, all this talk hides the interests on another draft law – on cybersecurity – that was quietly adopted by the Chamber of Deputies and received just two days prior to the debate in the Senate (which is the decisive chamber for this law). As reported earlier in EDRi-gram, that law will give the right for SRI and other nine public institutions to have access to the computer data held by those companies, at a simple “motivated request” from these institutions in their own attributions.

Romania: The law mandating the registration of prepaid SIM cards has been ruled unconstitutional (19.09.2014)
http://thesponge.eu/index.php?idT=4&idC=5&idRec=1115&recType=story

SRI Press release on the legal vaccum created by the CCR decisions (only in Romanian, 20.09.2014)
http://www.sri.ro/comunicat-de-presa-20-09-2014-17-06.html

CCR press release on the decision on law on the pre-pay cards (only in Romanian, 16.09.2014)
http://www.ccr.ro/noutati/COMUNICAT-DE-PRES-103

CCR press release answering the SRI allegations (only in Romanian, 18.09.2014)
http://www.ccr.ro/noutati/COMUNICAT-DE-PRES-106

EDRi-gram: Romania: No communication without registration (02.07.2014)
http://edri.org/romania-no-communication-without-registration/

ApTI: Amicus Curiae to the CCR (only in Romanian, 15.09.2014)
http://apti.ro/interventie-la-curtea-constitutionala-impotriva-inregistrarii-cartelelor-prepay

(Contribution by Bogdan Manolea, EDRi-member ApTI, Romania)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
24 Sep 2014

Risk-based approach to data protection: risky for fundamental rights

By Guest author

On 18 September an EU Council document related to the draft EU data protection regulation was published. The document summarises the positions of Member States that have given their views on a so-called “risk-based approach to data protection”, within the context of the (so far) 30-month negotiations on a review of European data protection legislation. Reading the document, the first question that comes to mind is: Is this going to make the data protection standards any better? The answer is, broadly speaking,… no.

Risk assessment is “the determination of quantitative or qualitative value of risk related to a concrete situation and a recognised threat”. The main problem with a risk assessment in this context is the fact that personal privacy is a fundamental right. Measuring it with risk assessment methodology leads to an awkward misconception about what this fundamental right actually represents; The data controller cannot know about the context and dangers for individual people. Also the view that children’s personal data is somewhat more sensitive than their parents’ is incoherent. The fundamental rights of one part of the society cannot be more fundamental than the fundamental rights of another part of the society. There is strictly no difference between the two, neither from the human rights perspective nor from a practical perspective.

Such assessments make a lot of sense in technical environments where operators deals with their own operational risks, but it is entirely wrong to assume that there is an easy way for assessing third party risk processing operations, especially if its about a narrow, fundamental human right. This is what the risk-based approach is all about – identifying “specific risks”, assessing and categorising the rights of third parties and making decisions based on this.

When it comes to assessment, the exposure of large data sets generates a higher degree of public attention. However, this does not necessarily mean they lead to a more significant threat. The reality of IT shows that systems with a small set of very specific data are not less valuable nor less important for privacy concerns.

Apart from this misconception, it’s shocking to see the massive amount of comments and subtle, detrimental changes that are being proposed by the German delegation, which made as many comments as all of the other Member States put together. These comments and changes will make future negotiations in the trialogue (negotiations between Commission, Parliament and Council) a lot more complicated. Indeed, rather than being a constructive intervention, the German comments look like an effort to stall the progress of what was gained over the last months by bringing up new ideas which will most probably have the effect of delaying and weakening the reform.

Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – Risk based approach (02.09.2014)
http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2012267%202014%20REV%202

Wikipedia: Risk assessment
http://en.wikipedia.org/wiki/Risk_assessment

(Contribution by fukami, EDRi-member Chaos Computer Club, Germany)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
17 Sep 2014

Public Oversight and The Rule of Law

By Joe McNamee

Between 15th-19th of September, in the week leading up the first year anniversary of the 13 Necessary and Proportionate Principles, EDRi, the EFF and the coalition behind the Principles will be conducting a Week of Action explaining some of the key guiding principles for surveillance law reform. Every day, we’ll take on a different part of the principles, exploring what’s at stake and what we need to do to bring intelligence agencies and the police back under the rule of law. You can read the complete set of posts at: https://necessaryandproportionate.org/anniversary. The Principles were first launched at the 24th Session of the United Nations Human Rights Council in Geneva on 20 September 2013.

Let’s send a message to Member States at the United Nations and wherever else folks are tackling surveillance law reform: surveillance law can no longer ignore our human rights. Follow our discussion on twitter with the hashtag: #privacyisaright

One of the most striking elements of the surveillance practices is the extent to which laws and judicial procedures have been breached, ignored and undermined by agencies whose tasks it is to uphold the rule of law.

Before the Snowden revelations, the world had drifted into an unconscious acceptance that existing and unquestioned principles of law were somehow no longer valid. The most striking example of this was the report on the “use of the Internet for terrorism purposes“ (PDF) that was published by the United Nations Office on Drugs and Crime in 2012. That report actively encourages United Nations member states to establish “informal relationships or understandings with ISPs (both domestic and foreign) that might hold data relevant for law enforcement purposes about procedures for making such data available for law enforcement investigations.” These “informal relationships” seem to be exactly what the International Covenant on Civil and Political Rights (ICCPR) prohibits in Article 17, which states that “no one shall be subjected to arbitrary or unlawful interference with his privacy”.

The same UNODC report called for long-term storage of communications data of innocent individuals. It did this despite the fact that there is no evidence that such an extensive intrusion into the privacy of innocent individuals is necessary or proportionate. Indeed, since the report was published by the UNODC, the European Court of Justice has ruled (PDF) that such measures are contrary to the primary law of the European Union. As a result, the EU’s Data Retention Directive was declared invalid. This Directive was adopted in 2006, even though no evidence of necessity or proportionality was provided when the legislation was proposed. More shockingly, EU Member States that did not consider the measures to be necessary in a democratic society were taken to court by the European Commission to force them to transpose the legislation in their jurisdictions.

The impunity that led to the EU Directive to be adopted and enforced was also evident in an “evaluation report“ (PDF) adopted by the European Commission in 2012. That report was forced to recognise that one of the three main reasons for proposing the legislation in the first place – ensuring cross-border access to historical records – was statistically insignificant in practice. The European Commission felt that it was politically safe to take the position that this could be explained by cross-border access being facilitated by “domestic operators” “rather than launching mutual legal assistance procedure [sic] which may be time consuming without any guarantee that access to data will be granted”. No Member State – and no press publication – publicly raised any concern that data was being extracted about citizens, across borders, without authorisation, in situations where national judiciaries would not necessarily grant access to the data.

We cannot uphold the law by breaking the law. We cannot fight lawlessness by undermining the rule of law with impunity.

close
15 Sep 2014

FNF 2014: Brussels privacy advocates summit to tackle surveillance, censorship, net discrimination

By Kirsten Fiedler

header-fnf14Between 26 and 29 September, the annual Freedom not Fear (FNF) conference and barcamp will take place in Brussels. As every year, the action days are challenging the false dichotomy that better security comes at a price: the abandonment of our privacy rights.

On Friday evening, the event will be kicked off with a keynote speech by Simon Davies, publisher of the Privacy Surgeon and founder of Privacy International, who recently released the first global analysis of the impact of the Snowden revelations. He will be joined by Paul Nemitz, Director at DG Justice of the European Commission, for a discussion of the data protection reform and the future of the EU-US umbrella and Safe Harbor agreements.

During the weekend, there will be speakers and workshops on a wide range of topics including Glyn Moody on the Trans-Atlantic Trade Agreement (TTIP/TAFTA) and Jillian York on surveillance. The barcamp style event will allow participants to propose additional ad-hoc presentations or workshops in an open environment. On Sunday evening, there will be a screening of the documentary “The Internet’s Own Boy: The Story of Aaron Swartz”. See the full schedule .

On Monday, participants of the conference will have the possibility to experience EU policy-making first-hand with a visit of the European Parliament. On that day, the Parliament will be very busy with the first hearings of the “Juncker team” and a meeting of the Civil Liberties, Justice and Home Affairs committee.

Supporters of this year’s Freedom not Fear are, among many others, European Digital Rights, the Electronic Frontier Foundation, Digitale Gesellschaft, Access, NURPA, digitalcourage…

Download the poster (PDF):

FNF14_posterA4_thumbnail

close
10 Sep 2014

TTIP: where the Good Samaritan meets the Trojan Horse

By Joe McNamee

The EU and US are currently negotiating a Trans-Atlantic Trade and Investment Partnership (TTIP). The US negotiator, the United States Trade Representative, is reported to be soliciting support for inclusion of provisions from Article 230 of the Communications Decency Act (CDA) in TTIP and other trade agreements being negotiated by the US. So far so good – the CDA creates liability protections for internet intermediaries, thereby reducing the risk of restrictive measures being imposed by them.

As EU intermediaries already have liability protections, there is little incentive for the US to try to implement the CDA in Europe. However, what the CDA has that EU legislation does not have is a “good Samaritan” clause. This gives intermediaries the right to police and punish infringements via voluntary actions that they take “in good faith”.

US intermediaries, despite their liability protections, have been rushing to undertake private policing and punishment measures at the request of the US government. Payment providers have a deal with the White House to block payments accused of breaching US copyright law, internet advertisers have a deal with the White House to take punitive action against online services accused of breaching copyright law, Google voluntarily exports US law to the rest of the world and de-indexes and demotes search results. The US realises that it doesn’t need intermediary liability, it simply needs US companies operating globally to have the freedom to impose US law worldwide based on US political considerations.

The similarity between section 104 of the failed Stop Online Piracy Act (SOPA) and the “Good Samaritan” provision of the CDA is also worthy of note:

SOPA:

“(…) and no liability for damages to any person shall be granted against, a service provider, payment network provider, Internet advertising service, advertiser, Internet search engine, domain name registry, or domain name registrar for taking any action — with respect to an Internet site, or otherwise voluntarily blocking access to or ending financial affiliation with an Internet site, in the reasonable belief that (…)”

CDA:

“No provider or user of an interactive computer service shall be held liable on account of –
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers…”

Of course, anything that would be included in TTIP would have a horizontal effect – covering all issues and not just ill-defined “decent” or “indecent” images.

To be fair to the US negotiators, there is a fairly obvious strategic advantage for the USA to try to create a situation where US law is imposed globally by US companies at the request of the US government. Their vocabulary is also clever: who could oppose decency or good Samaritans? The question is whether the EU would be so short-sighted as to fall for this ploy? Experience from the ACTA negotiations and NETmundial suggests that it just might be.

Anti-Counterfeiting Trade Agreement, ACTA
http://www.mofa.go.jp/policy/economy/i_property/pdfs/acta1105_en.pdf

NETmundial Multistakeholder Statement (24.04.2014)
http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf

Section 230 of the Communications Decency Act
http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act

2011 US Intellectual Property Enforcement Annual Report on Intellectual Property Enforcement
http://www.whitehouse.gov/sites/default/files/omb/IPEC/ipec_annual_report_mar2012.pdf

White House announces ad network “best practices” (15.07.2013)
http://futureofmusic.org/blog/2013/07/15/white-house-announces-ad-network-best-practices

(Contribution by Joe McNamee, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close