24 Aug 2016

EDRi welcomes its Open Web Fellow

By Heini Järvinen

Starting from September 2016, the new Ford-Mozilla Fellow Siddharth (Sid) Rao will spend ten months with the EDRi office in Brussels, working in cooperation with us to safeguard the internet as a global public resource.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The Open Web Fellows programme, launched in 2015, is an international programme designed to link developers, engineers, technologists and programmers with civil society organisations around the world. For this second year of the programme, EDRi is proud to be the first European organisation to become a host for the Ford-Mozilla Web Fellowship.

Sid is a Free and Open Source Software (FOSS) enthusiast and a privacy fanatic who specialises in the security analysis of communication protocols. He is also passionate about internet services and infrastructure in developing nations. Sid co-founded the social venture ThirdEye, which builds affordable e-readers for visually-challenged people. He is a past Erasmus Mundus fellow and holds a double master’s degrees from Aalto University, Finland (Information and Network Security) and University of Tartu, Estonia (Cryptography). You can follow him on Twitter: @sidnext2none.


We look forward to hosting Sid who will lend us his expert perspective on our key priorities: data protection, surveillance, copyright and network neutrality. We are excited to share our advocacy experience and to add technical expertise to our team.

Announcing the Second Cohort of Ford-Mozilla Open Web Fellows (01.08.2016)

EDRi: Mozilla’s Open Web Fellowship 2016: Join EDRi’s team! (22.01.2016)



24 Aug 2016

New documents reveal Europol’s plans to increase surveillance

By Kirsten Fiedler

The Europol work programme until the end of the year 2016 reveals that the agency’s goals are to gradually expand its surveillance capacities, to facilitate cross-border access to data, and increase the use of biometrics.

In August 2016, the German news site Netzpolitik.org leaked a document (pdf) which provides a neat overview of Europol’s planned activities. These include:

1. The “Universal Message Format”

The Universal Message Format UMF-3 project aims at facilitating increased cross-border exchange of law enforcement information. Part of this project are the Member States, Europol, Frontex, Interpol and EU-LISA (the European Agency for the operational management of Large-Scale IT Systems). The costs for the development of the system are estimated at around 1,6 million euro. This will also include the pilot project QUEST (Querying Europol Systems), which is a search web service that will allow the Member States to access Europol’s databases.

2. Pwning all the databases

Secondly, Europol states in its overview that it is “improving its technical capabilities to enable a systematic cross-matching of Schengen Information System (SIS II) alerts against Europol systems”.

Europol’s paper then goes on to criticise the “strict purpose limitation” when it comes to accessing data on the Visa Information System (VIS) and EURODAC system, which is the European fingerprint database for identifying asylum seekers. In the leaked document, the agency suggests to foresee the connection and increased use of these databases in the upcoming review of the VIS framework and in the negotiations of the EURODAC Regulation.

Netzpolitik.org explains that a paper by the German Interior Ministry published earlier in 2016 called for the creation of a European centralised system for the collection of personal data and fingerprints. Read in combination with Europol’s plans, this would mean the merging of VIS, EURODAC and SIS II. According the Ministry, other features could be added later, such as a link to collected air passenger data (Passenger Name Records, PNR).

3. Biometrics

Finally, Europol calls for the increased collection, access and use of biometrics and makes the case that the planned legal revision of the SIS framework should facilitate the cross-matching of biographic and biometric data against Europol systems.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

Moreover, Europol wants to become an “information sharing partner in the Prüm framework”. The Prüm Convention, agreed in 2005 between France, Germany, Luxembourg, the Netherlands and Spain, enables the signatories to exchange data regarding DNA, fingerprints and vehicle registration. The leaked document explains that “Europol will prepare a business case to help explore the possibility to become an information exchange partner in the Prüm framework.” Such access would enable the agency to work with the Member States to “cross-check data”.

According to a recent statement from the EU Commission, the proposal for a regulation establishing an Entry Exit System might update existing databases to enable “the use of facial recognition software in combination with fingerprint recognition software to enable multi-modal biometric matching”.

As the leaked document is merely an implementation of the “Roadmap on information exchange and interoperability”, Europol’s plans are not very surprising. However, it illustrates well how Europol’s surveillance capacities are continuously expanded – while, as previously reported in the EDRi-gram, oversight of the agency’s activities is almost completely lacking.

EDRi: Oversight of the new Europol regulation likely to remain superficial (12.07.2016)

Netzpolitik.org: We publish Europol’s plans until the end of this year: More data, more exchange, more surveillance (02.08.2016)

EU Commission’s answer to a Parliamentary question on facial recognition (12.08.2016):

Prüm Convention

German Interior Ministry: Integrated Identity Management for Travel, Migration and Security in Europe (15.03.2016)

(Contribution by Kirsten Fiedler, EDRi)



24 Aug 2016

France and Germany: Fighting terrorism by weakening encryption

By Heini Järvinen

On 23 August, the French and German Ministers of Interior met in Paris to discuss an initiative that would extend surveillance in Europe and weaken encryption, in the name of the fight against terrorism.

Speaking at a joint press conference, French Minister of Interior Bernard Cazeneuve and his German counterpart Thomas de Maizière called for legislation that would force intermediaries to weaken encryption standards. This would, according to Cazeneuve, allow to “truly arm our democracies on the issue of encryption”. Cazeneuve also explained, failing to notice that the European e-Commerce Directive already contains this obligation, that they want to oblige internet companies to censor illegal content.

The French Ministry of Interior explained its intentions in a tweet: the country plans to ask the EU Commission to put forward an EU-wide measure that would oblige online companies, such as WhatsApp or Telegram, to decrypt communications within the context of police investigations – even if the company’s seat is not in Europe. The upcoming review of the ePrivacy Directive is very likely to become the next encryption battlefield.

These plans do not meet the approval of the French data protection authority CNIL which stated in an Op-Ed in the French newspaper Le Monde that the call for encryption backdoors “is not taking into account the importance of encryption for our security online”.

Cazeneuve first announced his intentions to “launch a European initiative, leading to a more international plan that will permit to face this new challenge” after a French government meeting on security on 11 August. Now Cazeneuve and de Maizière hope to have the issue on the agenda for the next meeting of European leaders in Bratislava on 16 September.

French intelligence services claim to be struggling with intercepting messages from Islamist extremists. However, many of the suspects of recent terrorist attacks were using unencrypted SMS, and were already known to the authorities. The investigation into the Brussels attacks in March 2016 revealed that inefficient intelligence and police work was one of the key factors that failed to prevent the attacks.

................................................................. Support our work with a one-off-donation! https://edri.org/donate/ .................................................................

Encrypted messaging services, such as Telegram, Whatsapp or Signal, can be used for sending text messages, videos and voice messages with a very high level of security. It’s extremely difficult for anyone else but the authorised recipient to read or view messages sent using end-to-end encryption. Today, encryption is used widely across the web to secure e-commerce, banking and many other online services, as well as by journalists, whistleblowers, civil rights defenders and others who need to maintain confidentiality of their communications. As the Report of the United Nations (UN) Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression David Kaye put it,

encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

France says fight against messaging encryption needs worldwide initiative (11.08.2016)

Paris wants a global action on encrypted communications (only in French, 11.08.2016)

Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye (22.05.2015)

Fraco-German initiative on the European interior security (only in French, 23.08.2016)

Tweet by the French Ministry of Interior (only in French, 23.08.2016): https://twitter.com/Place_Beauvau/status/767998554153648129

Fight against terrorism: Cazeneuve and Maiziere meet in Paris (only in French, 23.08.2016)

French minister: Apps like Telegram must be decrypted for legal probes (23.08.2016)

Attacking encryption to fight terrorism is a wrong target (only in French, 23.08.2016)



24 Aug 2016

Freedom not Fear 2016: 14–17 October in Brussels

By Guest author

Freedom not Fear (FNF) is an annual meeting for civil rights activists from all across Europe. You are invited to join us on 14-17 October, organise discussions on your own topics, and use this opportunity to meet EU politicians!

At FNF, civil society members meet in Brussels for four days to work for freedom in the digitised world. They plan for and engage in action against increasing surveillance and other attacks on civil rights. FNF 2016 is organised by volunteers and coordinated by EDRi member Digitalcourage and via the akv-international mailing list.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

From Friday 14 October to Sunday 16 October, activists meet at Mundo-b to discuss current topics in European data protection, surveillance and more. Topics already planned include surveillance law metrics, the so-called Privacy Shield, biometric RFID passports, the reform of the ePrivacy Directive, and proposed EU contract law.

On Monday 17 October, a visit to the EU Parliament is being organised for meetings with Members of European Parliament (MEPs) and European Commission staff. Participants who stay on for the Monday visit are eligible for travel allowances sponsored by MEPs Julia Reda, Jan Philipp Albrecht and Josef Weidenholzer. For those wanting to benefit from these travel allowances, Digitalcourage has set up an online registration page.

FNF is still looking for volunteers to take on organisational tasks, suggest and run discussions, propose and organise MEP meetings, and more. People wanting to help can simply edit the FNF 2016 wiki pages hosted by AK Vorrat, or contact Digitalcourage by e-mail. Joining the akv-international mailing list is also encouraged.

Freedom Not Fear website

Wiki pages for FNF 2016

akv-international mailing list

Venue: Mundo-b on OpenStreetMap

Register online for travel allowances and accommodation

E-mail contact

(Contribution by Sebastian Lisken, EDRi member Digitalcourage)



24 Aug 2016

Romania: Mass surveillance project disguised as eGovernment

By Guest author

The Romanian Intelligence Services (SRI) has recently been granted EU funds for the project “SII Analytics” to acquire software and hardware for “consolidating and assuring eGovernment interoperability between public information systems”. The project seems to aim at gathering all major state owned databases (e.g. citizens and company registry, health card data, fiscal data) in SRI’s playground. The data would be joined into one large system, through which other public institutions would potentially have unlimited and unwarranted access to the personal data collected.

The project also aims at aggregating data sets from all major public institutions, and at allowing advanced search in order to permit inquiring any type of information about any citizen or resident. Furthermore, the project description includes a chapter on behavioural analysis. Therefore, the system would be able to do complicated analysis, to correlate information cross-databases, and to combine it to other information.

................................................................. Support our work with a one-off-donation! https://edri.org/donate/ .................................................................

Moreover, under the motivation of “preventing fraud”, the system will have facial recognition features. It will include a database of approximately 50-60 million images (probably passport or identity card photos) to which SRI already claims to have unlimited access. As the technical specifications of the project show, one of the declared purposes of the SII Analytics project is to acquire hardware and software for internet traffic interception from instant messaging apps or other similar electronic communications programmes. The official justification is that this is needed for the internal architecture of the system.

If implemented according to plan, the system will have the potential of spying on all Romanian citizens’ and residents’ private life. The project does not include limitations regarding access to the information, nor does it establish a mechanism to ensure an effective control of the system, and of the approximately 1000 people who will be authorised to access it. There is no requirement to notify the data subject (person whose personal data is collected or accessed), or to ask for consent. In short, there is no transparency and no guarantees to limit misuse.

In its decision Bara vs. CNAS & ANAF (201-14), the Court of Justice of the European Union (CJEU) declared it illegal to transfer personal data from one public institution to another without the citizen’s consent and prior notification. With this project, the Romanian National Health Insurance Fund (CNAS) could easily exchange personal data with National Tax Administration Agency (ANAF) though the SII Analytics project, ignoring CJEU’s previous decision.

EDRi member ApTI and three other Romanian human rights NGOs sent a letter on 8 August 2016 to both national and European officials urging the project and the public procurement process to be stopped. At the same time, the signatories signalled the need of introducing, as a necessary requirement for accessing European funds, the interdiction to use such funding for purposes that might violate or limit human rights. At the time of writing this article, there was still no answer from the Romanian authorities.

After the public outcry, SRI declared in a press conference that the massive databases are already in place since 2006. Therefore, with SII Analytics, SRI is not collecting new citizens’ data, the intention is “merely” to have more advanced search and query capabilities for an already existing database system.

SRI also recognises in their presentation of the SII Analytics project that indeed it is not an eGovernment project and it is only conducted for “intelligence purposes”. The EU Commission has therefore plenty of reasons to start an investigation for the misuse of public funds.

Romanian Secret Services uses European Funding for mass surveillance project disguised as eGovernment services:

Romanian Secret Services public statement confirms suspicions regarding mass surveillance:

European Court of Justice decision Bara vs. CNAS (C201-14):

No to surveillance! Public letter (only in Romanian):

Analysis of the technical specifications of the project performed by ApTI (only in Romanian):

OPSI portal – the Portal of the Intermediary Body for Promoting Information Society (only in Romanian):

Romanian Intelligence Services press conference presentation (only in Romanian):

SII Analytics project (only in Romanian):

SII Infrastructure project (only in Romanian):

(Contribution by Valentina Pavel, EDRi member ApTI, Romania)



23 Aug 2016

Copyright reform: Unlocking copyright for users?

By Diego Naranjo


On 8 September 2016, only a few days before the European Commission will announce its plans for a copyright reform, Communia and EDRi will be organising an event to discuss some of they key issues, namely the failures of the current EU copyright law, and the situation of exceptions and limitations. The event “Copyright Reform: Unlocking copyright for users?” takes place at the European Parliament, room 6G1.

The key speakers include members of Communia, Kennisland and EDRi, and the event is kindly hosted by Therese Comodini Cachia MEP (EPP) and Carlos Zorrinho MEP (PASD).

After the presentations and the discussion, we kindly invite you to join us for a lunch in Jan 3q Brasserie.

Please find a detailed agenda of the event here.

If you want to participate in this event, please register by Monday August 29 by sending email to: rsvp@communia-association.org. If you do not yet have an European Parliament pass, please include in your email the following information:

  • First name and family name
  • Date of birth
  • Nationality
  • Type of ID
  • Number of ID

Please notice that without a visitor pass and your passport you will not be able to enter the building!



17 Aug 2016

The EDRi-network working group needs your input! Deadline: August 28


Earlier this year, a number of EDRi-members launched a working group looking at how our network functions. We decided to tackle two subjects: the network itself and how to strengthen the network.

In the first week of September, we will be drafting a document that will help us better understand how the network should function and how we can get it to function optimally. We would love to take on board the feedback of all members and observers, big and small, and of organisations that are (not yet) in our network. Please e-mail us your answers to the following questions by 28 August:

1. What should member organisations contribute to the network?

2. What do member organisations need from the network?

3. What is the role of the Brussels office within, or in relation to,
the network?

4. What risks do you identify and how can we subvert them?

When answering the questions, try to be as concrete and precise as possible. For instance, if you think members should contribute “knowledge”, describe what kind of knowledge you’re talking about, how they should share it and to what aim. Finally, try to think of the best possible scenario within a realistic future.

Would you like to become more involved with the working group? Do you applaud the initiative but think we’re on the wrong track? Please get in touch.

01 Aug 2016

EU Telecom Regulators meet to analyse over 500 000 consultation responses


Brussels, 1 August 2016. Tomorrow, telecom regulators from all over the EU will gather in Brussels for a uniquely challenging task: analysing over half a million responses to their consultation on net neutrality.

Meanwhile, telecom companies are maintaining their attacks on the open internet – this time by pushing to delete paragraphs regarding free speech from net neutrality rules. This move comes after several associations of journalists expressed their concern that net neutrality violations are a threat to online expression and media pluralism. They argue that strong net neutrality rules (including a clear ban on zero-rating) are needed to ensure everybody has an equal opportunity to be heard online.

BEREC, the Body of European Regulators of Electronic Communications, is on a tight schedule. They must publish new rules on net neutrality by 30 August, which leaves them precious little time to process the hundreds of thousands of responses.

This race against the clock has started as BEREC has to carefully take into account more then 500,000 comments from the the public calling for clear net neutrality

, said Thomas Lohninger, net neutrality activist at SaveTheInternet.eu.

The unprecedented number of responses demonstrate the public’s interest for the delivery of unequivocal guidelines protecting net neutrality. Now, the whole world is watching: it may be the most important decision BEREC ever makes

, said Estelle Massé, Senior Policy Analyst at Access Now, member of SaveTheInternet.eu.

BEREC has had to endure increasingly bizarre and aggressive attacks on its role, its expertise and its analysis from big telecoms operators seeking new internet monopolies,

said Joe McNamee, Executive Director of European Digital Rights (EDRi).

The regulators should not be deflected from their hugely important task,

he added.


Net neutrality is the principle that internet traffic must be treated equally. It protects internet users and online services from interference and discrimination by the telecom operators who own internet infrastructure. At stake are basic, fundamental principles: will the Internet remain a vibrant level playing field for business, culture and political speech? Or will regulators let powerful telecom companies put most websites in a “slow lane”, while wealthy corporations pay for special treatment?

In addition to overwhelming public support, the net neutrality movement has also attracted support from a broad range of experts and professionals. 120 entrepreneurs and investors signed an open letter in favour of strong, innovation-friendly net neutrality rules. The scientific community has also joined the fray, with a statement from 126 academic researchers.

One especially prominent proponent is Tim Berners-Lee, the inventor of the World Wide Web, who wrote a joint statement with legal experts Barbara van Schewick (Stanford) and Lawrence Lessig (Harvard) stating that net neutrality is ‘essential to preserve the open Internet as a driver for economic growth and social progress’ and urged regulators to ‘not cave in to telecommunications carriers’ manipulative tactics’.

The telecommunications industry is the main adversary to this broad coalition. This summer, they launched a full-frontal attack on net neutrality in their ‘5G manifesto’, which calls on the EU to water down its net neutrality rules in exchange for investment in new 5G network technologies. More recently, the consultation response from telecom industry associations ETNO and GSMA, published on 19 July, provoked outrage by demanding an almost complete repeal of net neutrality rules including the deletion of all references to the freedom of expression and media pluralism.


29 Jul 2016

Copyfails bonus track: Copyright levies

By Diego Naranjo

The EU is reforming its copyright rules. We want to introduce you to the main failures of the current copyright system, with suggestions on how to fix them. You can find all the Copyfails here.

This article is an additional one – a “bonus track” – to the series presenting Copyfails.

How has it failed?

The “private copying levy” is a surcharge on the price of media capable of making copies. For example, when buying a blank DVD, the price includes a private copying levy (in most EU Member States).

Rights holders, for example record companies or publishers, claim that people making copies of, for example, CDs or DVDs for private use causes them a financial loss. Even if, in some EU Member States, citizens have the freedom to make private copies, levies were created to compensate for these alleged losses. The harm to rights holders has not been clearly proven – no independent credible study on this has been published. Maybe sometimes there really is a cost, but maybe there is a benefit: who would buy a music CD these days if they couldn’t copy it onto an MP3 player or a smarthphone?

Copyright rules, including private copying levies, are implemented quite differently across the EU. This leads to a risk that you end up paying several times for the same thing. You will pay a levy when buying a blank CD to which you copy the music as a backup, a levy on the external hard drive of the computer that you use to make the copy, and as a levy on the device (a tablet or mP3 for example) that you use to listen to the music.

The fact that the rules are not the same everywhere in Europe, gives unfair advantages to some, and hampers fair competition. In the digital “single market”, 22 of the 28 EU Member States impose a levy. Six do not.

The internet has brought with it the possibility to exchange all sorts of files not only copyrighted ones. New compensation models and new business models need to be encouraged, rather than imposing a random payment which does not fit the purpose for which it was invented.


Why is this important?

It has been argued that the levy will support creation. However, under the current situation, it seems to be rather an obstacle. The private copying levies distort the market; it compensates economic loss that has not been clearly demonstrated and appears to have a negative impact on new business models.

Furthermore, consumers might buy products with copyright levies, and even if they never use them for private copies of copyrighted works, they still have to pay.

The cost of levies varies wildly around Europe, which makes the same product more costly for consumers in one country, and cheaper in another. For example, in 2010, there was a levy of 36 euro on a mobile phone with 32MB of memory in Germany. The levy on the same phone was forty times more expensive than the one in Italy, and there was no levy at all in Ireland.

Finally, a study published by Digital Europe shows that it costs 51,2 cents to collect each Euro for EU copyright levies. This is absurd. We need to find new ways to remunerate authors!

Unfortunately this chaos is likely to continue. A meaningful reform is not planned in the upcoming legislation on the creation of a “digital single market”.

How to fix it?


Read more:

EDRi’s response to the to the European Commission’s public consultation on the review of the EU copyright rules

EDRi’s booklet on copyright

Antonio Vitorino: Recommendations resulting from the mediation on private copying and reprography levies (31.01.2013)

What is a Copyright Levy?

Compensation for private copying: an economic analysis of alternative models, Enter-IE.


28 Jul 2016

EDRi is looking for a policy intern

By Kirsten Fiedler

EDRi is looking for an intern to support our advocacy team, located in Brussels. The internship will go from September to mid-December 2016.

European Digital Rights (EDRi) is an international non-profit association of 31 digital civil rights organisations from across Europe. We defend and promote rights and freedoms in the digital environment, such as the right to privacy, freedom of expression, and access to information.

Join EDRi now and become a superhero for the defense of our rights and freedoms online!
Interns receive a monthly remuneration of 750,- EUR.

Key tasks:

  • Research and analysis on a range of policy topics;
  • Monitoring international, EU and national related policy developments;
  • Organising and participating in meetings and events;
  • Assisting with writing of the EDRi-gram newsletter;
  • Assisting with preparing draft reports, presentations and other internal and external documents;
  • Assisting with preparing communication tasks;
  • Development of public education materials.
  • Find out more about internships at EDRi: edri.org/our-internships-at-edri-we-made-digital-rights-matter/


  • A demonstrated interest in and enthusiasm for civil liberties and technology-related legal issues;
  • Excellent research and writing skills – preferably native English speaker;
  • Fluent command of spoken and written English;
  • Computer literacy.

How to apply:

To apply please send a maximum one page cover letter and a maximum two page CV *in English* to kirsten.fiedler(at)edri.org
The closing date for applications is the 12 August 2016.
The interviews take place 16-19 August 2016, starting date is 5 September.