02 Sep 2015

The School of Rock(ing) EU Copyright

By Heini Järvinen

For the first time in nearly a generation, the EU will update its copyright framework. This is a unique opportunity to reform and modernise Europe’s creaking, outdated, ill-adapted rules. Activists interested in taking up on this opportunity will get a crash course in effective copyright activism at a workshop in Warsaw on 5-6 November.

To help prepare activists for the challenge facing all of us, we are cooperating with Communia to organise an event and look for participants for this two-day EU copyright educational workshop – the School of Rock(ing) EU Copyright.


EDRi offers a stipendum of maximum 300 EUR to cover transport and accommodation costs for up to 20 participants of the School of Rock(ing) EU Copyright and the CopyCamp conference in Warsaw. Non-funded participants will also be welcome, of course.

The School of Rock(ing) EU Copyright will take place 5 and 6 November in Warsaw, following the CopyCamp 2015 event which will take place 4 November.

The goals of the School of Rock(ing) EU Copyright are to:

  • inform the participants on the current state of play of the EU copyright reform;
  • provide the tools that can be used to campaign on national level;
  • deepen the understanding of copyright activists of the EU legal and decision-making frameworks;
  • inform participants on how it is possible to influence decision-making in the EU;
  • identify possibilities for sharing of resources and talents such as translation and technical skills;
  • create networks (and develop existing ones) of civil society activists to work together on common goals to reform
  • copyright, in order to have a stronger voice and avoid duplicate efforts.

If you’re interested, please apply by sending an email to brussels@edri.org with the title “Application for The School of Rock(ing) EU Copyright” stating in no more than 200 words why you are interested in attending CopyCamp and the School of Rock(ing) EU Copyright, why you should be selected. We’re looking for people who have experience and/or plan to prepare campaigns on a national level, who can help building online campaigning tools, who have the ability to create networks with similar organisations on national and international levels and general knowledge of the main problems in the current EU copyright system. The deadline for sending the application is 6 September.

In short:
The School of Rock(ing) EU Copyright
Dates: 5-6 November 2015
Location: Warsaw, Poland
Deadline for application: 6 September
Where to send it: brussels@edri.org
Number of funded places: 20

Should you have any questions, don’t hesitate to contact us at brussels@edri.org.


01 Sep 2015

EDRi launches a campaign for online privacy for kids

By Heini Järvinen


Today, we launched a crowdfunding campaign to create a textbook to raise awareness among kids for the protection of their privacy online.

“We want to teach children what they need to consider to protect themselves online,” said Kirsten Fiedler, Managing Director of European Digital Rights. “The goal is to create material, translated into as many languages as possible, that can be used in schools, at home and elsewhere.”

The internet offers children tremendous opportunities to learn and to explore new ideas. However, younger internet users often possess insufficient knowledge of how their reputations can be affected by their interactions online. Sometimes it is not easy to tell who someone really is online, and there are many reasons for which businesses might try to get personal information about kids or their families. Parents and teachers cannot always be on hand, which is why it is important to empower kids to also protect their own online privacy.

The campaign will continue until 15 September, and if it reaches its target of 5000 euro, a textbook to explain how the internet works, with practical examples, exercises and sample lessons, will be published, translated, and distributed around Europe.

You can find the campaign here:


12 Aug 2015

Portugal: “Voluntary” agreement against copyright infringements

By Maryant Fernández Pérez

On 30 July 2015, copyright and related rights-holders associations, the General Inspection of Cultural Activities (IGAC), the Portuguese Consumer Directorate-General, the Portuguese Association of Telecom Operators, the organisation responsible for .pt domain registrations DNS.PT, the anti-“piracy” group MAPINET, advertising associations, and (unidentified) consumer associations agreed on a Memorandum of Understanding aimed at protecting copyright and related rights online.

This “self-regulatory” agreement, facilitated and promoted by the Portuguese government, is expected to enter into force around mid-August 2015. Although it has not been published, parts of its content have been reported by Portuguese news sites and the parties involved.

According to those sources, the agreement will allow the signatory copyright associations to notify MAPINET of websites that contain either a minimum of 500 works which allegedly infringe copyright and/or content providers’ rights, or sites that contain two-thirds allegedly infringing contents. MAPINET will be in charge of gathering the evidence submitted by the associations and will forward a maximum of two wide-ranging complaints to IGAC per month. IGAC then contacts Internet Service Providers (ISPs) to restrict access to the websites through “Domain Name System (DNS) blocking” within 15 working days. It is reported that the blocks expire after a year, unless IGAC determines otherwise. Additionally, the affected websites will be excluded from carrying advertisements.

While the Portuguese government claimed this agreement is a pioneering system in Europe, similar mechanisms already exist, for example in the United Kingdom. Besides their differences, both systems including “voluntary” agreements are detrimental to the right to a fair trial, presumption of innocence, freedom of communication and eventually free expression. As reported (and subject to further examination of the content of the agreement), this Memorandum of Understanding has no evidence that it might be effective, it falls outside the rule of law, has the power to violate human rights online without responsibility for the parties, and lacks transparency.

First, DNS blocking is not effective because it can be easily circumvented, even by accident. When you type to your browser the domain name of the website you want to access, your computer identifies the corresponding IP address. If your ISP blocks that domain address, your access to it will be restricted. However, all that is required to circumvent it is the use of alternative and freely available DNS servers, such as OpenDNS. MAPINET’s Secretary General acknowledged this inefficiency, but expects Internet users not to be “techie” enough, the Portuguese news site SAPO Tek reported.

Secondly, this agreement undermines the rule of law. In fact, privatised enforcement circumvents existing legal protections of human rights and fundamental freedoms online. This agreement is not of a legislative nature and will permit websites to be blocked without a court order. Judicial review will only be available ex post. As an incentive, ISPs will not have to incur in any meaningful cost for the tasks performed under this agreement. In fact, copyright associations will jointly and severally pay for any costs incurred by ISPs and any damages derived from legal actions brought by third parties against ISPs. However, ISPs lack of an incentive to defend human rights and fundamental freedoms online.

Finally, several Portuguese citizens reported to EDRi that their efforts to ask for the publication of this agreement have so far failed. However, article 268 of the Portuguese Constitution and Law 46/2007 entitle citizens to have access to public documents by request. If this right is refused, an appeal before the Portuguese Commission on Access to Administrative Documents (CADA) is possible. One of the most insidious aspects of privatised law enforcement is, of course, that the arrangements are “private”, avoiding the safeguards on which democratic societies are built.

DNS blocking

Self-regulation agreement protects copyright in the digital environment (only in Portuguese, 30.07.2015)

Is online piracy at the end of its days in Portugal? Agreement facilitates website blocking by operators (only in Portuguese, 30.07.2015)

Rapid pirate site blocking mechanism introduced by Portugal (31.07.2015)

ISPs compensated in case of copyright violation (only in Portuguese, 31.07.2015)

Portuguese Commission on Access to Administrative Documents (CADA)

(Contribution by Maryant Fernández Pérez, EDRi)



12 Aug 2015

Netzpolitik.org case: Prosecutor dismissed, inquiry dropped

By Heini Järvinen

As reported previously in EDRi-gram at the end of July 2015, two reporters of a German digital rights blog Netzpolitik.org, Markus Beckedahl and André Meister, were under investigation for treason after the publication of leaked documents revealing plans to expand German internet surveillance. On 10 August, German federal prosecutors announced that the much disputed investigation will be dropped.

When the treason investigation came to light, it raised immediately concerns over freedom of press. Hundreds of journalists, citizens and civil society representatives signed a statement declaring that the investigation for treason and their unknown sources is an attack against the free press, and demanding to end it. Thousands participated in a demonstration organised on 1 August in Berlin to support Netzpolitik.org. A great number of politicians expressed also their concerns.

Following the protests, Germany’s prosecutor general, Harald Range, decided to put the investigation on hold, and stated that he would “await the results of an internal investigation into whether the journalists had quoted from a classified intelligence report, before deciding how to proceed.” On 4 August, Justice Minister Heiko Maas requested Range’s dismissal, after consultations with Chancellor Angela Merkel’s office, and questioned the necessity of the investigation. Range justified his actions, stating that he had to proceed the way he did partly for legal reasons. He criticised the government’s interference into the investigation, and called it “intolerable invasion of the independence of the judiciary”. Following the dismissal of the prosecutor general, it was revealed that the Ministry of Interior had detailed knowledge about every phase of the investigation.

Less than a week after Range’s dismissal, the case took a new turn when the acting federal prosecutor announced that he had concluded, in agreement with the Ministry of Justice, that the leaked documents didn’t constitute state secrets, and that the investigation will be dropped.

The journalists at Netzpolitik.org have asked the German government to confirm if surveillance measures have been put in place by the state in order to monitor their activities. “We want to know concretely if we were the subject of surveillance during the nearly three-month probe,” said Markus Beckedahl in a statement posted on the blog.

Germany’s top prosecutor drops treason probe of Netzpolitik bloggers (10.08.2015)

German journalists celebrate as treason inquiry is dropped (10.08.2015)

EDRi-gram: Leaked documents: German news site Netzpolitik.org investigated for treason (31.07.2015)

Jacob Applebaum: The nightmare is punishment (06.08.2015)

The Statement: The investigation against Netzpolitik.org for treason and their unknown sources is an
attack against the free press

Germany pauses treason investigation into Netzpolitik.org journalists (02.08.2015)

German justice minister to request prosecutor’s dismissal over treason case (04.08.2015)



12 Aug 2015

Facebook patent: Lending based on social connections

By Heini Järvinen

The United States Patent and Trademark Office (PTO) has granted Facebook a patent which could allow “authenticating an individual for access to information or service based on that individual’s social network.” The main use for this technology is to allegedly prevent members of a network from sending spam to other members with whom they aren’t legitimately connected. It could, however, also be used by lenders, to let a borrower’s social network connections determine his or her credit worthiness.

The patent describes the technology that could potentially be used for evaluating credit risks:

“In a fourth embodiment of the invention, the service provider is a lender. When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.”

If used for this purpose, the patented technology could help lenders discriminate against certain borrowers. It’s obviously questionable if having friends with bad credit scores is a valid criterion to assume a person is a bad credit risk, but it’s probable that some banks would nevertheless appreciate this addition to their loan review process. Using this technology for evaluating loans would be particularly harmful for those who have limited or no access to banking services, or those with previous problems with their credit history, and it could push them for more expensive and risky alternatives.

It’s not clear if Facebook’s intention is to ever try to use the patent for lending, and the legality of using it for such purpose is also unclear. In the US, the Equal Credit Opportunity Act defines strictly what information can and cannot be used to determine loan risks, and accessing an individual’s credit report without his or her consent to investigate the credit risk of another individual might not be a legitimate reason.

Facebook and Your Credit (05.08.2015)

Facebook patents technology to help lenders discriminate against borrowers based on social connections (04.08.2015)

Facebook patent: Your friends could help you get a loan – or not (04.08.2015)



12 Aug 2015

Internet censorship redux – under the guise of regulating gambling

By Guest author

On 12 June 2015 a law came into effect requiring the providers of networks and electronic communication services in Romania to block access to gambling sites as well as sites advertising gambling activities that are unauthorised in the country. Internet Service Providers (ISPs) will now be obliged to implement a website blocking system and use it to filter the connections of all their customers.

In 2011, Government Decision no. 823/2011 raised, for the first time, the spectre of Internet blocking at the ISP level. In 2013, Government Decision no. 298/2013 established the National Office of Gambling (ONJN). This institution is, amongst other things, in charge of monitoring online gambling, and has the authority to force ISPs to abide by their rulings. At the beginning of 2014, ONJN started showing signs that it wants to use this authority to force ISPs to implement a website blocking system. Now a blacklist of websites to be blocked can be already found on the ONJN website.

The European Union included in the common regulatory framework for electronic communications networks and services directive the obligation for Member States not to block or abusively restrict the access to the Internet. Article 1(3a) of Directive 2002/21/EC explicitly states that “measures taken by Member States regarding end-users access to, or use of, services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.”

The fundamental problem of blocking measures at the ISP level is that they can be considered as a type of censorship of online content, which raises serious concerns on human rights issues, freedom of speech in particular. Web content is unanimously recognised as a type of mass media, and censoring it is against the Romanian Constitution which states in Article 30(2) that “any censorship shall be prohibited” and 30(4) “no publication shall be suppressed”.

From a technical standpoint, there are numerous documented cases worldwide where, depending on the blocking method being used, Internet blocking lead to overblocking that affected legal websites which happened to share an IP address with a blocked website, or instances where websites (such as Wikipedia or Instagram) were blocked in their entirety just because one piece of offending content. The new legislation is not only about the creation of a blacklist containing the unauthorised websites communicated to the ISPs, but also about identifying websites which show advertisements or other marketing or promotional activities that offer links to online gambling sites. There is a real danger of arbitrary decisions enabled by the interpretation of the text of the law: Is a Facebook page a web page? Is a YouTube video a means of promotion? How about a Trilulilu.ro video? If Google.ro presents search results which promote unauthorised gambling sites, will it be blocked? How about Google.com?

Furthermore, the implementation of such a website blocking system means that the tools for Internet censorship will be created and deployed. It would be extremely easy to modify these tools, at a later date, to expand the censorship measures to other subjects. Once the principle is accepted and the technical infrastructure implemented, there is the danger of it snowballing from just illegal/unauthorised gambling into other fields.

For example, the Internet blocking system set up in Italy was initially implemented to restrict access to online gambling. Despite the initial intentions, this has led to websites being blocked in the country for multiple reasons, by multiple institutions. What was a simple blacklist of unauthorised gambling sites in 2006 has grown into a complex list of sites to be blocked, also including sites that have nothing to do with gambling. Unfortunately, Italy is not a unique case. Another similar example is France, which followed a similar path starting from blocking online gambling, just as Italy.

As EDRi has stated in its booklet on Internet blocking, crimes must be punished, not hidden. This should be done with respect to the rule of law, which implies that private companies like ISPs should not be in charge of enforcing these kinds of mechanisms which might lead to restriction of fundamental rights without been proven to be effective, proportional nor necessary. Equally important, we need real action and not cosmetic actions against crimes.

Government Decision no. 823/2011 regarding the modification and completion of Government Decision no. 870/2009 concerning the approval of the methodological norms of Government Emergency Order no. 77/2009 on the organisation and running of gambling operations (only in Romanian, 30.03.2011)

Internet censorship measures coming from ONJN (only in Romanian, 04.02.2014)

The blacklist of sites running unauthorised gambling activities (only in Romanian)

EDRi paper: Internet Blocking

(Contribution by Matei Vasile, EDRi member ApTI, Romania)



05 Aug 2015

Launch of the EU Internet Forum – behind closed doors and without civil society

By Kirsten Fiedler

The European Commission has confirmed to EDRi that it is preparing to partner with US online companies in order to plan the arbitrary monitoring and censorship of European citizens and, contrary to previous assurances, will exclude civil society from these discussions. More disturbingly, this is happening at the same time as the US is preparing the “Cybersecurity Information Sharing Act” (CISA), which grants US companies a “safe harbour” from liability for any damage they cause when enacting counter-measures against security risks.

Last month we reported that, from time to time, the European Commission launches talks with the Internet industry to encourage companies to take “voluntary” action to fight against allegedly illegal or unwanted online activity. Very often, however, these projects seem to be launched or financed without any consideration for lessons learned from past (and mostly failed) enforcement initiatives. Take, for example, the CleanIT project, which proposed that online companies should prevent anonymous use of online services, implement automated detection systems and remove content on the simple request of law enforcement authorities “without following the more labour-intensive and formal procedures for ‘notice and action’”.

In March 2015, a European Union document on the “fight against terrorism” (pdf) charged the Commission with the creation of a “Forum with the Internet service providers community” in order to contribute to Europol’s work (even though this project had been launched a year earlier). Since then, no information has been made public as regards the progress of this “EU Internet Forum”.

Obviously, we wanted to know more and sent an “access to documents” request to the European Commission. In May, the Commission responded, claiming that no documents existed since the forum was not set up at the time of our request. A couple of exchanges and months later, the Commission sent us some – not all – of the requested documents. We received:

These documents reveal that the Commission organised two meetings of the Forum to prepare the official launch of the EU Internet Forum scheduled for the end of the year. These preparatory meetings took place on 27 May and 24 July. Companies were invited to discuss “challenges and scope of engagement in countering online terrorism activity” by, for example, “reducing accessibility” and by challenging “the terrorist narrative online”. An earlier Communication on the EU’s Agenda on Security also stated the objective to explore “the concerns of law enforcement authorities on new encryption technologies” (pdf).

Among the planned activities of the forum are awareness-raising activities for Member States, training sessions and workshops, as well as “reaching out to smaller companies” to enable them to respond to removal requests. A preparatory meeting took place on 27 May and a meeting to “raise awareness” on 24 July.

Despite the fact that the European Agenda on Security initially announced the launch of this “EU-level Forum with IT companies to bring them together with law enforcement authorities and civil society” (emphasis added), we learn from the documents that the Commission did not contact any civil society groups to take part since “it does not directly communicate with community groups or citizens”. The Commission does not explain further why only industry was invited while human rights organisations and NGOs in the field of information technology were ignored. It seems the idea to have civil society on board has been dropped entirely. However, the Commission refers to links on the website of the Radicalisation Awareness Network – apparently in the hope that this would be sufficient to make citizens aware of DG Home’s activities.

In its reply to us, the Commission unfortunately refused to grant us access to preparatory documents of the Forum as it considers that this “could seriously undermine the ability of the Commission and other involved stakeholders to freely exchange their views concerning actions and initiatives to be taken within the IT Forum”. It is clear that discussions regarding activities by online services will directly affect the communications of their customers and therefore ultimately have an impact on citizen’s fundamental right to the freedom of expression. However, human rights organisations and experts in the field of information technologies from academia or civil society do not seem to be considered to be “relevant stakeholders” nor even “interested parties”.

The Commission also argues that it wants to remain “free from external pressure” to explore potential policy options, but some policy options seem already decided, such as including the issue of “detection and removal” of alleged terrorist material (meeting report 7 May) in the upcoming meetings. The EU’s Home Affairs Commissioner Dimitris Avramopoulos is now planning a trip to Silicon Valley to discuss the upcoming launch of the EU Internet Forum – with US service providers.

It is strange that the Commission wishes to remain “free to consider all policy options” while at the same time asking US businesses how online communications should be regulated in Europe. It is even more kafkaesque, when these same US businesses are about to receive near-blanket immunity for activities covered by the draft CISA. This draft Bill grants two new powers to US companies allowing them to launch countermeasures to “cybersecurity threats” and to monitor information systems. The Bill gives immunity to companies for these monitoring activities and whenever they wish to share private data of their customers (including EU customers) with US government agencies – with wide-ranging protection from liability for any damage that they may cause in the process. EDRi-members EFF and Access as well as Fight for the Future are currently campaigning to stop this fatally flawed Bill.

This is a disturbing approach by the US government because, until now, online intermediaries have had little interest in adopting law enforcement roles due to unclear legal protections (“safe harbours”) offered to them in cases where their networks are used for illegal activities. Ever since the failed Stop Online Piracy Act (SOPA) three years ago, the US government has been attempting to change this situation.

In Europe, Member States have the obligation to respect the Charter of Fundamental Rights. However, if measures are applied “voluntarily” by private companies, governments’ obligations under the Charter are not active. Many case studies have shown, private companies limiting fundamental rights in the online space continue, flouting the principle that restrictions on civil and human rights must be based on law (Articles 8 and 10, European Convention on Human Rights; Article 52, European Charter of Fundamental Rights and Article 19, International Convention on Civil and Political Rights).

To avoid another failed project pushing for a privatised law enforcement activities through online service providers, we believe that the Commission should seek expert input to examine whether and how regulation of the European online space by US companies has an impact or unintended consequences for the fundamental rights of European citizens. In January, the EU’s Ministers of Interior emphasised the need to safeguard the Internet, “in scrupulous observance of fundamental reedoms, [as] a forum for free expression, in full respect of the law.”

We agree. Does the Commission?

Also see EDRi’s booklets on the topic:

Human rights and privatised law enforcement

The slide form “self-regulation” to corporate censorship


05 Aug 2015

Our internships at EDRi: We made digital rights matter

By Guest author

During the last couple of months, as EDRi’s interns, through advocacy, campaigning and reporting, we were given a unique opportunity to challenge threats to fundamental rights posed in the context of net neutrality, privacy, personal data and copyright. It was a fruitful and rewarding experience that allowed us to put our theoretical skills into practice while promoting human values of freedom and dignity in the online world.

Here is a short summary of our wonderful journey at EDRi:


During my internship, I had the opportunity to work closely on three currently “hot issues”: data protection, copyright and Passenger Name Record (PNR). Since my arrival at EDRi, I was following the activities concerning these subjects and gained a lot of insight by participating in meetings, conferences and events, reading and analysing documents, as well as monitoring the work progress of three main EU institutions: the European Parliament, the European Commission and the Council of the European Union.

Thanks to the fact that I was following the Data protection reform developments, I have learnt what is behind the mystery known as “trialogue” and how it functions. The European Parliament’s early steps in reforming and modernising copyright was a great chance to see how the work of the Members of the European Parliament (MEPs) evolves and how a document can significantly change from the first draft to the final vote in plenary.

Some of the moments I enjoyed the most were visiting the European Parliament, the Commission and the Council for the first time, listening to different perspectives and interesting debates at the events I attended, contacting and meeting Permanent Representations of the EU Member States, analysing the Data retention legislation in Member States, and learning about encryption and basic tools which can protect my privacy online.

All in all, my time at EDRi has helped me enrich my understanding of the European institutions and their work significantly. Participating in the whole process was extremely beneficial to see and understand how the legislation is made at the EU level and how civil society can influence and be part of this process. I have also realised that advocating for citizens’ rights can sometimes be overwhelming and seem pointless, like in the case of the recently adopted EU PNR proposal. However, analysing Marietje Schaake’s Opinion on human rights in third countries, where the suggestions from EDRi were adopted by the Parliament, assured me that organisations like EDRi definitely play an important role in changing the future into a better one.


During my experience at EDRi, I mainly worked on the Telecom Single Market (TSM) package and on trade agreements. To be honest, I didn’t expect trade agreements to be that relevant to digital rights. Indeed, it was very challenging and interesting to deal with trade law and try to understand how a new generation of free trade agreements could affect fundamental rights such as privacy and data protection, which seemed to be completely unrelated to trade issues at first sight.

During these last months, I had the opportunity to follow the legislative procedure of the European Parliament’s own-initiative report on the Transatlantic Trade and Investment Partnership (TTIP). I participated in a whole range of advocacy activities, like contacting MEPs offices to arrange meetings and participating in these meetings, assisting in the analysis of amendments, contacting Committee secretariats to get information on the legislative procedure, preparing documents for internal use and help drafting documents and analyses. In this context, it was particularly challenging and gratifying to take part in writing the “TTIP and Digital Rights” booklet (pdf).

Along with the internal work of the association, the experience at EDRi also gave me the opportunity to participate in several external meetings. Particularly as regards TTIP, I took part in events organised by stakeholders and think tanks, civil society meetings and events organised by the European Commission.

Concerning the Telecoms Single Market (TSM) which is crucial for a potential legal safeguard of net neutrality, my internship gave me the opportunity to understand how important it is to have early contacts with MEPs and keep them informed with position papers and analyses on your positions. Following the TSM trialogue was fundamental to understand how the European institutions work in practice. Only knowing the ordinary legislative procedure can be useless in Brussels because informal meetings can deeply affect how policies are made. Besides the ups and downs of the trialogue negotiations, it was very thrilling and instructive to be involved in the net neutrality “fight”. On some days, this file taught me how institutions can be obscure, producing text that makes it difficult to orientate yourself in the details of legislation. On other days, it was great to see the results of our work, and to see how civil society associations like EDRi can make a difference at EU level.


Unfortunately, our joyful ride of protecting digital freedoms at EDRi has come to its last stop. It is time to take our suitcases, fully packed with new skills and knowledge, as well as our bursting confidence and even stronger determination to advocate for digital rights, and head off to a new destination where we can put into practice all the knowledge we gained here.

Last, but certainly not least, we want to thank the EDRi Brussels team for being our amazing guides on this journey, supporting us and making us smile even on a grey, cloudy Brussels day.

Off to some new and exciting adventures!

(Contribution by Morana Perušić and Aldo Sghirinzetti, EDRi interns)


31 Jul 2015

Leaked documents: German news site Netzpolitik.org investigated for treason

By Kirsten Fiedler

If it were up to the Federal Attorney General and the President of the German Domestic Security Agency, two reporters of Netzpolitik.org, a German digital rights blog, would soon be in prison for at least two years. Yesterday, the news blog was officially informed about investigations against the editors Markus Beckedahl and Andre Meister. The accusation: Treason under Section 94 of the German Criminal Code:

Whosoever […] allows a state secret to come to the attention of an unauthorised person or to become known to the public in order to prejudice the Federal Republic of Germany or benefit a foreign power and thereby creates a danger of serious prejudice to the external security of the Federal Republic of Germany, shall be liable to imprisonment of not less than one year.

Until this week, the news site was reported merely as witnesses in a case following the publication of documents that revealed a €2.75m project for processing massive online datasets as well as plans for a 75-man unit in the German secret service to monitor Twitter, Facebook chats and other communications. Now however, two authors are accused of treason and as “joint principals”.

Markus Beckedahl, the editor-in-chief of Netzpolitik told EDRi:

We see this as an attack on press freedom. This is clearly an attempt at intimidation against us, other journalists and whistleblowers in order to prevent revelations on how deep the German government and intelligence agencies are involved with the US National Security Agency (NSA).

The last charges of treason against German journalists date back to the Spiegel scandal in 1962. Such investigations of a news site appear to be in breach of the reasoning in the ruling of the German Constitutional Court in the Cicero case in 2007.

Read the original German letter of the Federal Attorney General in full text.

Leaked documents (in German) of the Netzpolitik.org articles, February and April 2015: Haushaltsplan (pdf) and Einrichtung Referatsgruppe “Erweiterte Fachunterstützung Internet” im BfV (pdf)


29 Jul 2015

French Constitutional Council approves sweeping surveillance powers

By Kirsten Fiedler

On 23 July, the French Constitutional Council approved sweeping surveillance powers for intelligence agencies. In its decision, the Council declared almost all provisions constitutional, in contradiction to vehement opposition from civil rights groups, human rights experts, academia and the online business sector. The “Loi Renseignement” (also dubbed the “French Patriot Act”) was passed by the French National Assembly on 24 June and allows intelligence agencies to tap phone and emails without judicial permission.

With regard to the scope of the law, the Council added only a few explanations in order to limit the extensive scope of grounds (the fight against collective violence and terrorism, the defence or promotion of major interests in foreign policy, economy, industry and science) that allow for surveillance by intelligence agencies.

Once the grounds are defined and duly justified, instead of a judicial approval, security officials need to request an authorisation from the newly created “National Committee for Control on Intelligence Techniques” (CNCTR). The Council ruled that the composition of the CNCTR, despite the fact that its members are appointed by political institutions, will be able to provide sufficient oversight and is thus in line with the French constitution. Unfortunately, the Council failed to provide any sort of analysis that would back up this decision.

Only last week, the United Nations Committee for Human Rights stated that the French law “grants overly broad powers for very intrusive surveillance on the basis of vast and badly defined objectives” and called on the French government to “guarantee that any interference in private life must conform to principles of legality, proportionality and necessity”.

France’s intelligence services can now deploy the list of surveillance measures, they now have the power to:

  • require internet service providers to install so-called “black boxes” to collect communications metadata directly from Internet companies, and to use algorithms to automatically flag suspect behaviour online;
  • remotely install trojan horses on personal computers to access camera, microphone and passwords;
  • deploy real-time localisation of a person, vehicle or object;
  • collect metadata via fake relay antennas for mobile phones (International Mobile Subscriber Identity, or IMSI catchers in short) to intercept traffic data and track the movement of phone users in a specific area;
  • carry out surveillance of lawyers, judges, parliamentarians and journalists.

The Council struck down only three of the law’s provisions, including one that would have allowed the services to intercept overseas communications. The problem is that other sections of the law that were not invalidated, clearly give responsibility to these services to act abroad. This is for instance the case of the new Article L. 811-2 of the Code of Homeland Security (CSI). Another provision (Article L821-6 new, CSI) that was invalidated would have allowed intelligence services to carry out surveillance without authorisation from the Prime Minister in “emergency cases” since it considered that this would be a disproportionate interference with the right to privacy. The last provision that was declared unconstitutional concerned the annual budget.

The French civil liberties group La Quadrature du Net regretted that

[t]his decision is extremely disappointing. The judges of the Constitutional Council decided to summarily dismiss the numerous arguments raised in the dozen briefs submitted to the Constitutional Council by many players in the defence of fundamental rights.

While some provisions of this law will now come directly into effect, others first need to be implemented by a series of decrees. However, La Quadrature du Net declared that it now wants to continue its fight, especially on a European level.

UN International Covenant on Civil and Political Rights report (24.07.2015)

EDRi-gram: French surveillance billpushed ahead despite massive criticism (22.4.2015)

Shame on France: French Constitutional Council Widely Approves Surveillance Law! (24.7.2015)

The Loi Renseignement is published in the Official Journal. What now?

(Contribution by Kirsten Fiedler, EDRi)