02 May 2016

BREAKING: TTIP leaks confirm dangers for digital rights

By Maryant Fernández Pérez

Today, Greenpeace has unveiled documents on the Transatlantic Trade and Investment Partnership (TTIP), including the telecommunications chapter and EU’s Tactical State of Play of March 2016.

The leaks show an ideological drive towards deregulation and law enforcement by private companies

, said Joe McNamee, Executive Director of European Digital Rights (EDRi).

This would sweep away key European success stories such as open and competitive telecommunications markets and a legal framework based on transparency and the rule of law

, he added.

EDRi has analysed two of the leaked TTIP documents, the Telecommunications Chapter and the Tactical State of Play. Some of our most important concerns include:

Telecommunications Chapter

  • “Article X.5: Regulatory Flexibility” would give new and excessive powers to telecom regulators, including the power for any national telecom regulator to stop applying EU legislation on a service that the EU or an EU Member State “classifies as a public telecommunications service”. Regulators would have the power to ignore democratically agreed laws if it decided, entirely at its own discretion, that the enforcement was not needed to “prevent unreasonable or discriminatory practices” or, to protect consumers, for example.
  • “Article X.6: Review of legislation” is even worse, as it gives telecom authorities the power to repeal or modify EU legislation, without any democratic accountability or responsibility.
  • Article 48 refers to the confidentiality of electronic communications. While the provision states that both the EU and the USA have to ensure the confidentiality of electronic communications and related traffic data, they should do this “without restricting trade in services”. Would a data protection or privacy measure constitute a trade restriction? This point remains far from clear. What we do know is that decisions on whether data protection and privacy rules are acceptable would not be decided by the European Court of Justice and would not need to take our fundamental rights into consideration.

EU’s tactical State of Play (March 2016)

While the European Commission claims to be very transparent in its reports, the public receives a non-complete state of play after each round of negotiations. The leak is a real, internal state of play on the negotiations, clearly reflecting the lobbying efforts of certain parts of industry from both sides of the Atlantic. A first reading of the leak has allowed us to identified developments on digital rights that are worrisome:

  • Regarding data flows, no progress has been, probably because of the current discussions on the equally flawed EU-US “Privacy Shield”. The document states that these talks might be accelerated because US telecom companies are “very interested in data flows”.
  • On encryption, it says that the EU and the US are discussing similar wording as the one used in the Trans-Pacific Partnership (TPP). This is bad news, as explained by EDRi-member EFF.
  • Concerning so-called “Intellectual Property” (IP), the negotiators seem to take lobbyists’ wish list very seriously. According to the leaked report, “[w]hen confronted with EU warning that bringing sensitive proposals that would require changes in EU law to the table – and doing it at a late stage of the negotiation – may have a negative impact on stakeholders” (which would apparently not include citizens) “and has very limited chances of being accepted”, the US seemed to be prepared to depart from the model of the TPP. Among the proposals the US is thinking of tabling, it includes privatised enforcement measures, that EDRi has been criticising since its inception because they bypass the rule of law and lead to arbitrary corporate decision-making without accountability (cf. “voluntary stakeholder initiatives”). As with ACTA, the US is strongly supportive of “voluntary initiatives” as US-based global giants already impose US copyright law on a global level. The EU (as shown by the recent leak of the Communication on Platforms) supports this approach.

In the leaks analysed by EDRi, there is no single mention of the public, NGOs or civil society in general.

Background information:

TTIP leak: Electronic communications / Telecommunications Chapter

TTIP leak: EU’s Tactical State of Play (March 2016)

EDRi’s red lines on TTIP

EDRi booklet: TTIP and Digital Rights

TTIP Resolution: document pool


02 May 2016

EDRi and 72 other NGOs send letter to EU regulators on net neutrality

By Maryant Fernández Pérez

Today, EDRi joined forces with 72 other civil society organisations from the five continents of the world to ask European Telecom Regulators to uphold net neutrality in the current negotiations about the future of the Open Internet in the European Union.

The Body of European Regulators of Electronic Communication (BEREC) and the 28 telecom regulators are currently negotiating guidelines that will clarify the recently adopted net neutrality law in the EU. A public consultation will be launched by BEREC in June, lasting for twenty working days, as a result of which the final guidelines will have to be published by 30 August 2016.

BEREC has a crucial role in ensuring that the open democratic internet. Failure will be bad for Europe and bad for the world

, said Joe McNamee, Executive Director of European Digital Rights (EDRi).

In this important letter, 73 NGOs from around the world ask the EU Regulators to establish strong guidelines for net neutrality in Europe. In order to respect the Regulation’s stated aim of ensuring “the continued functioning of the internet ecosystem as an engine of innovation”, we urge BEREC to adopt guidelines give real meaning to this goal, including:

  • Careful consideration of so-called “Specialised Services”;
  • The reaffirmation that zero rating is prohibited under the regulation; and
  • Strictly non-discriminatory traffic management and a clear statement opposing intrusive traffic management that would restrict internet users’ privacy.

In order to fix some of the ambiguities of the EU net neutrality regulation, on 31 March EDRi and the SaveTheInternet coalition partners launched a consultation to give citizens more time to tell the regulators what they think about the open internet in Europe. EDRi is also part of RespectMyNet, which is a campaign to encourage internet users to report net neutrality violations all over the European Union.

Read the letter here:

Background information:

Timeline for the adoption of Net neutrality’s implementation guidelines

Net neutrality pieces that BEREC needs to clarify

Deep Package Inspection: what is it and what does the EU regulation say?

Net neutrality: document pool II

EDRi’s first input to EU regulators on net neutrality guidelines (13.01.2016)

Respect My Net: online platform to report net neutrality violations (03.03.2016)

Save the Internet – Final consultation to save the open Internet in Europe (31.03.2016)


28 Apr 2016

Leaked EU Communication – Part 2: Protecting Google at all costs

By Joe McNamee

While the European Commission talks tough about supporting European industry, much of what is in the leaked Communication on online platforms appears to be designed to protect Google and other online giants, to the detriment of competition and European innovation.

Fair payments” for copyright

The Communication refers obtusely to the notion of “fair” distribution of revenue for copyrighted material that is “made available” through platforms. The wording in some parts of the text appears to refer to proposals to introduce “ancillary copyright”, which is often referred to as a “Google tax”. Services like Google News use small snippets from articles to give an indication of the content of stories and publishers want to be paid for this use of their content.

Publishers put their newspapers online in order for people to read them. When people find them through Google News, this makes the publication more successful. Publishers want to be “compensated” because Google also benefits from this.

In Germany, where an “ancillary copyright” levy was imposed, local German companies have to pay to provide news aggregation services. However, since the introduction of ancillary copyright, the biggest media companies have agreed to unpaid listing on Google News. Google uses its dominance to avoid paying anything at all. Small German companies suffer. Google benefits.

In Spain, an “ancillary copyright” law was introduced, under which payments are obligatory. So, Google News left Spain completely. This means that people just go directly to the larger news outlets that they know, which undermines the accessibility of smaller outlets that are now less easy to find. Small Spanish news outlets suffer. Google doesn’t suffer.

Now the European Commission is considering this model for all of the twenty-eight countries of the European Union.


The leaked Communication lauds the “success” of the Commission’s “EU Internet Forum“. The Internet Forum (pdf, a Commission-driven project, in cooperation with US online companies to tackle terrorist content and hate speech online) aims to develop a “code of conduct” for the processing complaints about “illegal” content (or harmful content or just breaches of terms of service) by online companies. Guess how many European companies take part in the IT Forum? Hint: The number is less than one. So, Google (with Facebook and Twitter) have the right to negotiate a baseline level responsiveness to complaints, as well as speed of censorship of illegal (and legal) content. European start-ups are not in the room, but will be expected to respect this baseline, even if this is cripplingly expensive or impractical. They do not have the economies of scale that Google does. European companies suffer. Google wins.


The European Commission threatens “sectoral” legislation on liability, in addition to the existing E-Commerce Directive, to deal with, inter alia, possible copyright infringements. Google already has advanced restrictions in place. For example, it deletes over one million links that have been accused of copyright infringements every day. Similarly, YouTube implements a process called “ContentID, a senior legal counsel at Google once (in his previous job) described as a tool to “massacre” fair use of copyrighted material. Regardless of what copyright flexibilities exist in law, ContentID allows rightsholders to delete content directly from YouTube.

In short, Google is very well equipped to deal with any new, more onerous liability obligations. Indeed, the more restrictive they are, the bigger the Google’s economy of scale and the bigger the competitive advantage that will be given to Google.

Blind faith

On dealing with illegal or unwelcome content, the Commission’s approach is quite simple, and almost beautiful in its naïveté.

It will give Google the problem of liability and the problem of public relations pressure to do “more” (with no baseline) to deal with hate speech, terrorism, child protection, copyright, etc.

The European Commission then hopes that Google, when seeking to solve these liability and public relations problems will, by coincidence, solve the Commission’s public policy problems. The Commission hopes that Google will solve these problems in a way

  • which is transparent and necessary;
  • which is proportionate;
  • which will continue, in the medium and long term, to be effective and proportionate in an ever changing online landscape;
  • which respects the rule of law;
  • which respects free speech;
  • which respects other jurisdictions and, of course;
  • which does not involve any deliberate or accidental anti-competitive behaviour that will.

Seems reasonable.

27 Apr 2016

Leaked EU Communication – Part 1: Privatised censorship and surveillance

By Joe McNamee

EU Charter of Fundamental Rights: Subject to the principle of proportionality, limitations [to fundamental rights ]; may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.

A draft European Commission Communication on Platforms has been leaked. The proposals with regard to the regulation of “illegal” “or harmful” content are hugely disturbing. In summary, the European Commission seems willing to completely give up on the notion of law. Instead, regulation of free speech is pushed into the hands of Google, Facebook and others.

In relation to audiovisual regulation (to update the EU AVMS Directive), the draft suggests that an EU Kids Online research project shows that “children are more and more exposed to harmful content through video-sharing platforms”. This research project does not actually show this at all – it is researched children’s perception of risk and does not provide detailed analysis over time about actual exposure.

In relation to the real motivation behind the privatised censorship proposals (copyright), the draft talks about platforms “which make available copyright-protected content uploaded by end-users”. The wording is very deliberate. While the E-Commerce Directive gives liability protection to hosting companies that passively host content on behalf of their users, “making available” is an active use of content for which the rightsowner has a “exclusive right to authorise or prohibit any communication to the public”. As a result, any “making available” by online platforms without prior consent of the rightsholder would be a breach of copyright, for which the platform would be liable. The only option for being liable for a “making available” by your customers is to subject any uploads to prior checking, filtering and/or takedown in cases of doubt. Online platforms already delete vast amounts of perfectly legal content uploaded by users, so this new incentive would make the situation even worse.

The European Commission even looks to the big online monopolies to take “more effective” action to protect “key societal values”. More effective than what? What values? With what oversight? Following what rules? No rules at all, according to the European Commission – it should be done using “effective voluntary action”. What would this look like? Facebook has already undertaken experiments which show that it has the power to manipulate elections, to manipulate people’s mood or even to manipulate people working in a specific building. No rules are being considered to limit such behaviour.

Remarkably, this approach is not being proposed due to ignorance on the part of the Commission – the text explicitly refers to situations where “information is filtered via algorithms, or manipulated through opaque moderation processes”. How should this risk to our “key societal values” be addressed? Apparently, it will be achieved by ensuring “non-discrimination, or to ensure transparent, fair and non-discriminatory access to information” when access to information is being “manipulated through opaque moderation processes”. The blatant contradiction is apparently not obvious to whomever wrote this part of the text.

The Commission also sees a concern on the part of online platforms that they could become liable for illegal material, if they have systems in place to carry out proactive surveillance. It therefore suggests that measures are needed to “provide certainty” for companies “enabling them to undertake such responsible behaviour”.

Sadly, there is also definitive proof of the fact that the entire text is an example of policy-based evidence-making: it is provided by the statement that extension of certain obligations to online platforms “has been confirmed by the responses to the public consultations on the Telecoms Review and the ePrivacy Directive Review ”. The public consultation on the ePrivacy Directive has not finished and was only launched two weeks before the leaked draft was published – so it confirmed nothing, yet! Similarly, the text refers to the “success” of the Commission-led “self-”regulatory Internet Forum on terrorism and hate speech, even though that project has not produced anything, except some soothing press releases.

Summary: The key societal value of predictable and accountable restrictions on fundamental rights is at risk. With evidence being moulded to suit pre-existing policies, the European Commission appears eager to ensure that the online monopolies monitor online activity, take action to remove any content that creates legal risks for them, and arbitrarily police content to “protect” unspecified and undefined “societal values”. Instead of laws, we will have terms of service. Instead of accountability, we will have unaccountable censorship imposed by a system where, in the Commission’s own words, “information is filtered via algorithms, or manipulated through opaque moderation processes”.

All of this will, the Commission hopes create “the right framework conditions for user trust, innovation and value creation in Europe”.

26 Apr 2016

#ReadAnneDiary (if you can)

By Diego Naranjo

The chaotic and outdated copyright framework in the European Union (EU) negatively impacts citizens by placing absurd restrictions on use of cultural goods. These restrictions benefit neither authors nor  society in general. The European Commission (EC), in its quest to achieve a Digital Single Market, is aiming at reforming the situation and is trying to move towards a “modern, more European copyright”. So far, however, there is no sign of the necessary ambition that a real modernisation requires.

Today Centrum Cyfrowe, Communia, and Kennisland have highlighted how Europe’s copyfails affect the world famous book “The Diary of Anne Frank”. They have published the text at  www.annefrank.centrumcyfrowe.pl, because the book is now in public domain in Poland. However, before trying to download it have a look out your window first: Are you in Poland when accessing this website? You’re not? Sorry, you cannot legally access the content!

Due to the unharmonised patchwork that EU copyright law is, citizens across the EU enjoy different rights in different Member States. The specific reason in this case relates to the difference of publication dates of the original transcripts, of which Anne Frank is obviously the only author. A special provision for extended protection for works published posthumously (as it is the case of the original manuscripts of the Diary) was removed in Poland in 1952, while it exists in Dutch law. According to Communia’s analysis, Anne Frank’s original writings are in the public domain in Poland since 1 January 2016 but that copyright may have not expired in other countries, such as the Netherlands.

The case of the Diary of Anne Frank only shows one more of the many copyfails of the copyright EU framework, which the EU seems reluctant to meaningfully improve. If the EU really aims at having a Digital Single Market and a modern copyright regime which is suited to the digital world, then it needs to go beyond the timid patches that is proposing (text and data mining exception, freedom of panorama…) and create a robust copyright regime that benefits the public interest and ensures innovation and creativity in the XXI century.

Anne Frank and the Term of Copyright Protection: Why it’s Time to Move from Harmonisation to Unification (25.04.2016)

EDRi joins open letter asking for an ambitious copyright reform (07.04.2016)

Copyright reform: Restoring the facade of a decrepit building (16.12.2015)

Copyright for Creativity coalition: The Copyright Reform: Everyday I’m Hurdling – The EC’s latest hurdles on the race to the finish line (06.04.2016)

20 Apr 2016

Member Spotlight: Access Now

By Guest author


This is the second article of the series “EDRi-Member in the Spotlight” in which our members have the opportunity to introduce themselves and their work in depth.

Today we introduce the international organisation “Access Now”.


1. Who are you and what is your organisation’s goal and mission?

Access Now defends and extends the digital rights of users at risk around the world. We combine innovative policy, user engagement, and direct technical support, and fight for open and secure communications for all.

We are fighting against internet shutdowns and mass surveillance, for corporate and government transparency and a secure internet, for MLAT reform and net neutrality and we’re really really into encrypting ALL THE THINGS!

But we are first and foremost a tech-driven organisation. Our brilliant tech team valiantly runs the Digital Security Helpline which operates out of Manila, Tunis and Costa Rica, working 24/7 to assist civil society, activists, bloggers and journalists on the ground in digital need around the world.

2. How did it all begin, and how did your organisation develop its work?

Access Now was founded in 2009 by four people – Brett Solomon, Cameran Ashraf, Sina Rabbani and Kim Pham – after the turbulent Iranian presidential election of that year. During the protests that followed the contested election, Access Now took a strong role in supporting secure communications, protecting independent websites and disseminating the video footage that came out of Iran despite government efforts to thwart outgoing communication. Since then, the key focus has been on empowering users and fighting ill-advised government policies in our increasingly networked, digital world.



3. The biggest opportunity created by advancements in information and communication technology is…

… fostering free expression, human development, building bridges and overcoming the lack of diversity. As a society we have the tools to make a lot of real, positive change.

4. The biggest threat created by advancements in information and communication technology is…

…. currently to the right to private life and data protection, human intimacy and trust. We’ve voluntarily accepted cameras and microphones into all areas of our lives. But it does not have to be that way. Technology can and must be human rights- protecting and enhancing.

5. Which are the biggest victories/successes/achievements of your organisation?

We have been involved in global victories for net neutrality in the EU, the US and in India, for privacy in the EU, against data retention in Paraguay, for corporate accountability globally, on the government surveillance in the US and many more. Without our cooperation with EDRi, none of our success in the EU would have been possible.

One of our greater endeavors is the organisation of a yearly conference, RightsCon, where the world’s human rights experts, business leaders, technologists, engineers, investors, activists, and government representatives come together to discuss issues at the intersection of technology and human rights. The latest edition recently took place in San Francisco in March 2016. The atmosphere in this year’s edition was fantastic and next year we are bringing it to Europe! So let’s make sure European civil society is over-adequately represented.

Fun fact: In 2010 we were finalists for the European Union’s 2010 Sakharov Prize for Freedom of Thought!

6. If your organisation could now change one thing in your country, what would that be?

Since we are a global organisation, we will simply ask for the protection of an open, free and secure internet globally.

Here in Europe we would like to see governments reconnect with the people they are elected to protect through user-centric rights-enhancing policies bringing transparency, accountability and digital security.

7. What is the biggest challenge your organisation is currently facing in your country?

The biggest challenge we are currently seeing globally is with governments reacting too rashly to current challenges. The digital world is getting away from them and they are coping with this change by trying to surveil and control it. We’re seeing massive thresspases against privacy and fundamental human rights, encryption compromises… Governments need to relinquish this constant need to meddle and fiddle. Stop trying to break the internet and just give us the solid legal certainty which we need to feel protected and free to express ourselves in the online environment.

8. How can one get in touch with you if they want to help as a volunteer, or donate to support your work?

We have an Action Center where we list all of our ongoing campaigns. Every voice counts so signing those petitions and sending emails to government representatives really helps get our message across. There is of course a weekly newsletter that goes around and there is also the opportunity to subscribe to our actions alerts – that way subscribers can get a notification to join us in protecting human rights online! There is of course also the traditional way of making a donation or volunteering to help us at RightsCon next year. All of this can be found on our website: www.accessnow.org

20 Apr 2016

Countering terrorism, a.k.a. the biggest human rights threat of 2016

By Maryant Fernández Pérez

United Nations (UN) Special Rapporteur on counter-terrorism and Human rights, Ben Emmerson said “the central challenge for human rights in 2016 [is] ensuring governments continue to support a human rights agenda” while seeking to end terrorism.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The European Union is also faced with this challenge. In the EU, there is currently a proposal for a Directive to combat terrorism that, as currently drafted, would pose threats to freedom of expression, privacy and security. The draft Directive was drafted in just 2 weeks, with no impact assessment. This means that the current proposal has neither evidence of its possible impact on your human rights and freedoms nor a proof indicating its possible effectiveness and even justifying the need for a Directive in the first place.

This draft Directive was proposed by the European Commission in December 2015. In the proposal, the Commission expressed its willingness to address the internet, without any clarity as to what it meant by that. While the European Parliament has not taken a position on this Directive yet, the Member States gathered within the Council of the European Union have adopted their position already. For instance, the Council has adopted a confusing approach on blocking of websites which is simply reckless in the absence of an impact assessment. It is based on the Child Exploitation Directive’s provision on blocking, whose effectiveness has never been assessed. It is also entirely incongruous, in a Directive whose purpose is to criminalise certain activities.

As for the Parliament, politicians that are part of the Parliament’s civil liberties committee (LIBE) have tabled 438 amendments. Some of them follow EDRi’s recommendations to have strong human rights safeguards, to stop the criminalisation of speech that is part of our freedom of expression, to be more precise about the link between a banned conduct and a terrorist offence, to delete dangerous elements, such as on malware and “electronic evidence” (whatever that means) and take-down of legal websites. However, there are some amendments that risk mirror elements leaking in from the Parliament’s non-legislative report adopted at the end of November 2015, the Dati Report, and new elements which could undermine the rule of law, encryption, the use of Tor, among others.

Countries around the world are using measures to combat terrorism and violent extremism to silence journalists, activists and normal people who want to express themselves, even if the views are uncomfortable.

We hope the EU will lead by example by preventing the abuses we’re seeing in several EU countries. If, after every terrorist attack, legislators enact new laws with the hope of creating a feeling of more security and safety in the population, without actually solving the problem of terrorism, we will have less freedoms and rights in exchange of no real solution. Instead, the European Parliament adopted the EU PNR Directive last week, which is a profiling measure that has not been proven useful for tackling terrorism.

The UN Secretary-General Ban Ki-Moon has recently described such reactions very well: “repressive and heavy-handed security responses in violation of human rights and the rule of law, such as profiling of certain populations, adoption of intrusive surveillance techniques and prolongation of declared states of emergency, tend to generate more violent extremists.”

Instead of restricting our freedoms, human rights and undermining the values that founded the European Union, effective, evidence-based measures should be put in place not only to combat terrorism, but also to prevent it. As Sascha Lobo explained for Spiegel, more resources should be put in judicial and police personnel. Instead of repairing a legal system capable of enforcing the rule of law, we are getting more computers, databases, more laws with far reaching consequences. If this draft Directive is adopted, particularly if the new damaging proposals that are on the table are adopted, we will create new dangers, without solving the real problems that need to be addressed.

EDRi’s recommendations for the European Parliament’s Draft Report on the Directive on Combating Terrorism (29.03.2016)

UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism Report (22.02.2016)

UN Plan of Action to Prevent Violent Extremism (24.12.2015)

Spiegel: The Man Machine: Profound, structural, multiple government failures (German) (30.03.2016)

(Contribution by Maryant Fernández Pérez, EDRi)



20 Apr 2016

New data protection law in Turkey

By Guest author

Turkish Parliament enacted the Data Protection Law on 24 March 2016 and it entered into force on 7 April. There had been several attempts for enacting the Law over the course of more than 10 years, but all of the bills were later withdrawn by the AKP – Justice and Development Party (the ruling party since 2002) governments.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The AKP was quite motivated to enact the law because:

  1. Due to the nonexistence of Data Protection Law, Turkey was regarded as an “unsafe country” in terms of data protection and this resulted in certain difficulties for collaboration of Turkish security agencies with its counterparts abroad.
  2. Many Turkish companies could not operate in Europe and other places for the same reason.
  3. The government has the plan of establishing a “World Finance Center” in Istanbul, but that would be impossible without a proper DP Law.
  4. Turkey is officially a candidate country for membership to the European Union which enforces member and candidate countries to adopt a DP Law.

The hesitation of the government was due to the concern that the previous versions of the law would not be in conformity with the contemporary approach and thus would not be adequate for realizing the objectives outlined above. In the earlier versions of the bill, the Data Protection Board was to be appointed by the government or the President which draws suspicion to its autonomy. In the last version, four members of the Board were to be appointed by the government and three members by the President. This has been changed last minute and the enacted law envisages that two members are to be appointed by the President, two by the government and five to be elected by the Parliament.

Another hesitation in the previous versions stemmed from the fact that several security agencies such as police and secret service were given exemption for collecting and processing personal data. Although the new law does not explicitly mention these organisations, it has several exemptions which will pave the way for these organisations legally to collect and process data.

CHP – People’s Republican Party, the largest opposition party, declared that it will apply to the Constitutional Court for the annuling of the law.

Turkey’s data protection draft law open to abuse: Expert

Turkey passes long-awaited data protection law (07.04.2016)

Turkey’s New Data Protection Law (15.04.2016)

Turkey Completes Final Step in Approving Data Protection Legislation (07.04.2016)



20 Apr 2016

Huge protest against corruption & surveillance in Macedonia

By Guest author

The political crisis in Macedonia deepened on 12 April when the President Gjorgi Ivanov announced that he would issue a blanket pardon to 56 politicians suspected of involvement in serious crimes. Over the last eight days, tens of thousands of citizens took to the streets of the capital city Skopje and about a dozen other cities, demanding justice and restoration of democracy.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

In February 2015, the opposition started revealing excerpts of leaked wiretaps conducted by the state’s Secret Service, alleging that over 20,000 citizens were subject to direct illegal surveillance, as part of an alleged criminal conspiracy run by the Prime Minister Nikola Gruevski and his family. The illegal surveillance was allegedly conducted with use of state resources and with compliance of telecom operators.

Using surveillance as a tool for control and intimidation has led to a decline in the respect for human rights, in particular freedom of expression. This is demonstrated, for example, by the fact that Macedonia’s rank on World Press Freedom Index sunk from 34 in 2009 to 118 in 2016.
In June 2015 a probe by group of experts lead by the former European Union (EU) Commissioner Reinhart Priebe confirmed these allegations and was the basis for further steps taken by the European Commission (EC). These steps included setting urgent reform priorities for Macedonia as an EU candidate country and joint mediation with the USA. The mediation led to the so-called Pržino Agreement, which stipulated gradual reforms that would reverse the backsliding from democracy.

One step included the formation of a new institution, the Special Public Prosecutor (SPP), in charge of investigating the crimes related to the illegal wiretapping. The SPP faced various obstacles from other state institutions after it started investigations of various wrongdoings, including electoral fraud, torture of political prisoners, and misuse of state funds. The legal grounds of the announced presidential pardon for suspects under its investigations is highly controversial, but if implemented would ensure impunity and make the SPP work irrelevant.

Angered by this abuse of state function and by the prospect of continuing rule of what they see as mafia structure maintaining the control of the state, citizens started protesting daily in the streets of Skopje, and later in other cities. At first numbering hundreds, their numbers swelled to tens of thousands in the capital and several thousands in the cities of Bitola, Strumica, Prilep, Kumanovo, Shtip, Kochani, with other cities announcing they would join the protests in the coming days.

The protest’s main demands are restoration of the rule of law, punishment of organised crime, and all perpetrators being held accountable. As a main slogan, the protesters chant:
“No Justice, No Peace!” They also address the lack of freedom of expression, with: “No More Silence!”

The protesters jokingly use the term “multicolored revolution” as some of them throw eggs and paint at government buildings, esp. those built under highly controversial project Skopje 2014, which incurred costs of over € 630 million without public consultation. These new constructions, such as the Triumphal Arch from 2012, new “baroque” facades and fountains are perceived as symbols of power of the regime. According to Macedonian law, these forms of vandalism, alongside graffiti, are considered misdemeanors and usually do not incite interventions by riot police.

The EU invited the leaders of the four biggest political parties in Macedonia, for negotiations in Vienna on 22 April, to find ways to continue the blocked implementation of the Pržino Agreement. The exclusion of the civil society from the previous rounds of negotiations lead to compromise solutions that fuel the anger of the protesters, who demand that end of impunity for criminal responsibility take precedence and be the precondition for all eventual political reforms supported by the international community.

Macedonia: Massive surveillance revelation: 20 000 people wiretapped (11.02.2015)

Macedonia: a superficial democracy in the shadow of crises (01.04.2016)

Macedonia president halts wiretapping inquiry (12.04.2016)

EU Commissioner Criticizes Macedonian President For Halting Wiretap Probe (12.04.2016)

Macedonia President’s Amnesty Move Prompts Civil Unrest (14.04.2016)

U.S. Mission to the OSCE: On Developments in Macedonia: Statement to the PC (14.04.2016)

U.S. Dept. of State: Macedonia Country Report on Human Rights Practices for 2015 (13.04.2016)

Macedonia corruption: Fourth night of protests as snap election called (15.04.2016)

‘Without Justice, There’s No Peace!’: Macedonians March Against President’s Pardon for Politicians Under Investigation (15.04.2016)

The Budding Autocrats of the Balkans (15.04.2016)

EU Attempts to Salvage Macedonia Crisis Deal (18.04.2016)

Protests in Macedonia Gain Momentum as New Round of Political Negotiations Is Announced (19.04.2016)

Macedonia’s political crisis: Make or break for civil society (19.04.2015)

“No to negotiations” shout citizens, they demand equality, justice and freedom (20.04.2016)

2016 World Press Freedom Index (20.04.2016)

(Contribution by Filip Stojanovski, Metamorphosis)



20 Apr 2016

The biggest data breach in Turkish history

By Guest author

About 50 million personal records of Turkish citizens have been made publicly available in a searchable database on the internet. Ironically, although the site that holds the database is open to the entire world, it is one of the 110,000 sites blocked by Turkish government and can only be accessed from Turkey via a virtual private network (VPN). The database contains personal information such as names, citizenship numbers, parent names and addresses of 49,611,709 citizens. This huge number involved makes the breach the most serious in Turkish history. By comparison: the Office of Personnel Management leak in April 2015 involved the personal records of 22 million public servants in the US.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

Contrary to the reports in the international media, the leak does not seem to be recent, but what is new is, that the data is now available on the net. In Turkey, citizenship data has been available on the black market for years. It was mainly sold to solicitors and cargo companies which need accurate addresses of individuals. Several people were taken into custody for obtaining the data on 27 July 2010 and twelve of them were later sentenced.

The version available on the internet seems to be related to the 2009 elections, as it contains data on citizens that were over 18 years of age at that time. The government was quick to blame the largest opposition party (CHP) and its arch-rival Fethullah Gülen, a US-based cleric for leaking the database at the same time. It is currently considering not to give electorate data to the parties in future elections. The opposition party responded that this was nonsense and it was only one of the 30 parties that received the database. According to CHP, this accusation is an indication of the intention of further fraud by the ruling party AKP by keeping information from them.

As a potential ticking bomb, all health records such as doctor visits, treatments, health tests and medicine prescribed for all citizens are also kept in a central database in Turkey. This is permitted by the new Data Protection Law and any similar breach of that database will have even more serious consequences in future.

Personal data of 50 million Turkish citizens, incl Erdogan’s reportedly leaked online (04.04.2016)

Personal details of 50 million Turkish citizens leaked online, hackers claim (04.04.2016)

Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens (05.04.2016)

Correction: Turkey-Data Leak story (06.04.2016)

Turkey launches inquiry into leak of 50 million citizens’ data (04.06.2016)