13 Mar 2019

Record number of calls to the EU Parliament against upload filters

By Epicenter.works

With just two weeks to go until the final vote on upload filters in the European Parliament, one hundred MEPs have pledged to vote against Article 13 of the proposed Copyright Directive. Many citizens feel like their legitimate fears about the future of the internet are not taken seriously as lawmakers insult them as being “bots” or simply “a mob”. Public protests demanding the removal of Article 13 have been announced in 23 European cities.

Thousands of EU citizens have taken part in the pledge2019.eu campaign, picking up their phone and calling their representatives. Since the campaign was launched at the end of February, citizens have called their elected representatives more than 1200 times, and spent over 72 hours on the phone with them. This unprecedented number of phone calls to politicians demonstrates just how much people care about an open, uncensored internet. It also shows that citizens are interested in engaging in European political issues, if you let them. After previous attempts of citizens to reach out to policy makers via social media or e-mail have been discredited as originating from bots or being part of a mob, citizens are now going the extra mile and voice their concern directly to their elected representative.

The damage done to Europe’s democracy by claiming that citizens voicing their concerns are a manufactured campaign is immense. A whole generation of internet users learn that their legitimate fears about the consequences of the proposal on modern everyday cultural expression and media habits are being ignored and ridiculed. In reaction, the protest movement against Article 13 gave itself the slogan “We are no bots”.

Upload filters are quickly becoming a major issue in the upcoming EU elections as demonstrators are joined by a host of experts against Article 13: UN Special Rapporteur on freedom of expression David Kaye warns against the threat for our freedom of expression online, academics specialising in intellectual property law call the proposal “misguided”, the founder of the world wide web Sir Tim Berners-Lee together with other internet emincence warns about the imminent threat to the open internet, and the International Federation of Journalists calls on policy makers to rethink this unbalanced copyright Directive.

On 23 March 2019 several rallies and demonstrations will be organised against Article 13 all around Europe. Concerned citizens still have two weeks left to visit www.pledge2019.eu and make their voices heard.


Save Your Internet


Save Your Internet – Call for a Pan-European Day of Protests on 23 March!

(Contribution by Thomas Lohninger, EDRi member Epicenter.works, Austria)

13 Feb 2019

A study evaluates the net neutrality situation in the EU

By Epicenter.works

Two and a half years after the adoption of the guidelines confirming strong protection for net neutrality in Europe, Austrian EDRi member epicenter.works published a study on the enforcement and status quo of net neutrality. The study entitled “The Net Neutrality Situation in the EU: Evaluation of the First Two Years of Enforcement” examines whether telecom companies are violating net neutrality rules, how regulators are fulfilling their enforcement and supervision duties, and how this affects internet users across the continent.

The study focuses on the most common net neutrality violation in Europe, the practice of “zero-rating”. For this purpose, epicenter.works conducted a complete survey of all zero-rating offers in Europe, including the applications that benefit from the special treatment of having their data excluded from monthly data cap.

The study highlights two important findings:

  1. that zero rating offers cost consumers more, and do not lead to decreased prices as initially expected;
  2. that it’s mostly American online companies who benefit from zero-rated offers (with only three European exceptions).

For consumers, the most compelling finding was the fact that zero-rating offerings seem attractive, because they promise “free” services, but in the end they lead to an increase in the general price level. In markets with zero-rating practices, the price of data increased 2% year-over-year. In markets without zero-rating practices, the price of data decreased 8% year-over-year.

The study finds that since Europe’s net neutrality rules came into effect, zero-rating has spread to all but two EU countries with a total of 186 zero-rating offers in Europe. In some countries the price difference between the applications with special prices and the rest of the internet was up to 70-fold. Among the top 20 applications that benefit from zero-rating, only three are from Europe. Applications and services from EU countries are rarely zero-rated, which leads to the conclusion that the European Digital Single Market likely suffers from these net neutrality violations. The data indicates that most application providers only participate in one to three zero-rating offerings, which clearly shows that this system canot scale to a single market with over 200 mobile operators. In effect, the study shows how end-user choices are restricted and Europe’s Digital Single Market has been fragmented by the new market entry barriers that telecom companies have created.

Although regulators should have a coherent approach to the enforcement of net neutrality, wildly different approaches were found. Some of the rulings in Europe are even contradicting each other, for example in the area of port blocking or congestion management. In some countries the fines for telecom companies for net neutrality violations rise to nine-digit sums, and in others only to four-digit sums. In Portugal and Ireland there was no penalty provision to be found at all, while Ireland currently holds the chairmanship of the Body of European Regulators of Electronic Communication (BEREC) in charge of the net neutrality reform.

Another key finding of the study is that despite BEREC guidelines requiring telecom companies to provide at least a minimum level of transparency on internet speeds, companies are not publishing that information, and regulators are turning a blind eye.

The study also provides information about the upcoming discussion about 5G within the scope of net neutrality , as this argument the Internet Service Providers (ISPs) is already being laid on the table in the upcoming net neutrality review.

The report can be downloaded on epicenter.works’ website, and all of the data sets have been released as open data. The study was supported by Mozilla and the Austrian Chamber of Labour.


Report: The Net Neutrality Situation in the EU (29.01.2019)

Survey of all differential pricing offers in the EEA (29.01.2019)

Net neutrality wins in Europe! (29.08.2016)

Net Neutrality vs. 5G: What to expect from the upcoming EU review? (05.12.2018)

(Contribution by Iwona Laub, EDRi member Epicenter.works, Austria)



05 Dec 2018

Net Neutrality vs. 5G: What to expect from the upcoming EU review?

By Epicenter.works

Since 2016 the principle of net neutrality is protected in the European Union (EU). Net neutrality is a founding principle of the internet. It ensures the protection of the right to freedom of expression, the right to assembly, the right to conduct business, and the freedom to innovate on the internet. These protections came about in no small part due to the work of civil society. A coalition of 23 NGOs worked together for over three years to convince politicians and regulators of the importance of net neutrality. This victory may be called into question when the Body of European Regulators for Electronic Communications (BEREC) reviews its net neutrality guidelines in 2019.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The net neutrality protections in the EU consist of two layers, a legal and regulatory one. The legal basis for the protections is part of an EU Regulation, which takes precedence over national law and is directly applicable in all Member States as well as the further three countries in the European Economic Area (EEA) Norway, Iceland and Liechtenstein. This Regulation gives the independent national telecom regulators the power and the mandate to protect net neutrality in their respective countries. To ensure that these 31 independent regulators apply the Regulation uniformly throughout the EU and EEA, they must take “utmost account” of the guidelines on net neutrality that were issued by the European umbrella organisation of all telecom regulators, BEREC. These BEREC net neutrality guidelines present very detailed recommendations on what net neutrality actually means in Europe.

The Regulation prescribes that the European Commission has to submit an evaluation report by 30 April 2019. For this purpose, it has outsourced part of the work to the consultancy firm Ecorys and the law firm Bird & Bird, which is famous for assisting the telecom industry in resisting net neutrality protections. This has led to the peculiar situation that regulators and civil society have to answer questions about the strengths and weaknesses of the Regulation to the same office of Bird & Bird that EDRi member Bits of Freedom faces in court in a case based on the same Regulation. Several NGOs, including EDRi, EDRi member epicenter.works and others have sent an open letter to the Commission pointing out this conflict of interest, but the Commission has not fully addressed these concerns.

It seems the European Commission will not reopen the Regulation, considering the elections to the European Parliament in May 2019 and the following reshuffle of political power in the European Union. On the other hand, BEREC conducts itself transparently and has already announced on several occasions that it intends to review its net neutrality guidelines. Since the release of BEREC’s draft work programme for 2019, we also know that this review is planned to start in 2019 and will lead to new draft guidelines, followed by a public consultation process in late September 2019.

What is to be expected of this review? The telecom industry has made clear what they want to talk about: 5G. The new mobile network standard has not even been fully specified, but it is already the biggest talking point of the telecoms industry and is used to call into question existing net neutrality protections around the world. With the US having stepped away from their 2015 Open Internet rules, Europe is now the first major world region that tries to bring 5G in line with net neutrality. This debate has a technological and political side. Technologically, 5G brings a new option for telecom operators to deepen their control over the information flow. It is called “network slicing” and it brings differentiated Quality of Service policies to the radio access network. The scenarios range from preferential treatment for premium subscribers at the expense of everyone else to a complete segmentation of the internet with granular control of the network over every application.

Whether the application of this new industry standard has to follow existing telecom law or whether the law should adapt to the standard ought to be an easy question to answer, but this might not be the case. For example, at the recent global Internet Governance Forum (IGF) in Paris, representatives of telecom giants Vodafone and AT&T strongly argued for loosening existing net neutrality rules in order to make a 5G-rollout more economically viable.

5G offers providers far more control when it comes to giving preferential treatment to individual applications or internet subscribers, but it also brings interesting new features like specifying a low energy network slice, which could be used for example by solar powered Internet of Things (IoT) devices. BEREC has taken it upon itself to tackle this issue upfront. This means that regulators will decide if the strong protections against the abuse of exceptions to the net neutrality in the Regulation (so called “specialised services”) will be upheld.

If Europe follows the push of the telecom industry to water down the implementation and enforcement of its net neutrality rules and allows a two-tiered internet system built on a sliced up 5G network, this could have serious ripple effects in the rest of the world. Should the US and Europe allow 5G to become the exception to net neutrality, the end of the open internet will become a question of the roll-out of the next mobile network technology.

The final guidelines in Europe comes quite close to the US 2015 Federal Communications Commission (FCC) Open Internet rules. Particularly regarding the issue of zero-rating, the guidelines do not offer a so-called “bright-line rule”. This means that the final decision on the legality of commercial offers that discriminate between applications based on price is left to the regulator. While zero-rating offerings are now on the market in all but one European country, not a single regulator has prohibited such offer. Especially low income and young internet users are affected by this strong incentive to only use well-established internet services.

The reform of the net neutrality guidelines should tackle this issue. The Regulation clearly states that there are cases in which regulators have to intervene against zero-rating. While a bright-line rule banning zero-rating would be the best possible outcome, at the very least more guidance has to be given to regulators when it comes to different forms of economic discrimination that are clearly harmful to end-user rights. EDRi member epicenter.works will publish a report on the net neutrality situation in Europe in early 2019, including a mapping of zero-rating offers in the European market.

This article is an adaptation of an article previously published by EDRi member epicenter.works: https://en.epicenter.works/content/net-neutrality-vs-5g-what-to-expect-from-the-upcoming-reform-in-the-eu


BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules

How we saved the internet in Europe (04.10.2016)

(Contribution by EDRi member epicenter.works, Austria)

07 Nov 2018

NGOs urge Austrian Council Presidency to finalise e-Privacy reform

By Epicenter.works

EDRi member epicenter.works, together with 20 NGOs, is urging the Austrian Presidency of the Council of the European Union to take action towards ensuring the finalisation of the e-Privacy reform. The group, counting the biggest civil society organisations in Austria such as Amnesty International and two labour unions, demands in an open letter sent on 6 November 2018 an end to the apparently never-ending deliberations between the EU member states.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

It is today 666 days since the European Commission launched its proposal. The e-Privacy regulation is an essential aspect for the future of Europe’s digital strategy and a necessity for the protection of modern democracies from ubiquitous surveillance networks. Echoing European citizens rightful demands for protections of their online privacy, the organisations ask the Austrian Presidency to lead the way into a new privacy era by concluding the e-Privacy dossier by 2019.

The letter comes in a context in which a parliamentary inquiry from the Austrian Social Democratic party tries to shed light on the lobby connections of the Austrian government regarding the hampering of secure communications for its citizens. Right now, the Austrian government’s position is closely aligned with the interests of internet giants like Facebook and Google, big telecom companies and the advertisement industry.

The Austrian government has recently fast-tracked negotiations on the controversial e-evidence proposal, which would weaken the rule of law and foster further surveillance of citizens’ online behaviour. This is a stark contrast to the meager effort Austrian representatives put into negotiations around legislative proposals that aim to protect the fundamental right to privacy – a topic missing from the Austrian Council Presidency agenda.

In order to ensure that e-Privacy laws will not be used as excuse for the establishment of new repressive instruments, epicenter.works demands a clear commitment to the prohibition of data retention. Data retention has been found unconstitutional in different European countries, while epicenter.works was plaintiff in the 2014 proceedings of the European Court of Justice (ECJ) annulling the data retention directive. A circumvention of the ECJ’s ban through the e-Privacy regulation could expose EU citizens to indiscriminate mass-surveillance and severely undermine trust in EU institutions.

Open Letter sent to Austrian Government (in German only, 06.11.2018)

Parliamentary inquiry from the Austrian Social Democratic Party (in German only, 29.10.2018)

Council continues limbo dance with the ePrivacy standards (24.10.2018)

ePrivacy: Public benefit or private surveillance? (24.10.2018)

ECJ: Data retention directive contravenes European law (09.04.2014)

(Contribution by Thomas Lohninger, EDRi member epicenter.works)



07 Nov 2018

Brussels up close – Experiences from the EDRi exchange programme

By Epicenter.works

Learning and knowing abstractly how the EU works is one thing, seeing it up close and doing advocacy work right there is quite another! I am a Policy Advisor for the Austrian EDRi member organisation “epicenter.works – for digital rights” and, in October 2018, I spent two weeks with the EDRi office in Brussels. My aim was to get a better understanding of EU law making and advocacy.

Having a background in the field of criminology and law, I was excited to start right away with a rather new dossier on cross border access to data in police investigations: the e-Evidence Regulation. We will probably have to work on e-Evidence for a long time and I am glad to have had the opportunity to familiarise myself early on with this dossier and discuss its many flaws – several of which are quite intricate – with the EDRi policy team.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Working in Brussels in person has been a big step forward for me in understanding EDRi’s policy work and will enable me to make a better contribution to it in the future. I took part in developing a strategy for proposed amendments that I have started working on during my stay there. As part of EDRi’s e-Evidence working group, I will continue this work on both a national and EU level.

In what at times felt like quite a meeting-marathon, I have had the chance to accompany Maryant Fernandez Perez and Chloé Berthélémy to meetings on e-Evidence with several national Permanent Representations to the EU. I also attended an event organised by the German region North Rhine-Westphalia with German European Commission officials, the European Parliament, the German bar association and police forces on the topic.

As if all that was not enough, I was also briefed on and have familiarised myself with the Terrorism Regulation, and the current state of plans for an ePrivacy regulation. On these dossiers I joined Joe McNamee, Diego Naranjo, Yannic Blaschke and Estelle Massée (Access Now) in meetings with companies and stakeholders. It is an important experience to see how different such meetings can be shaped, depending on the strategy (our own or that of our interlocutors), the culture of the country, company or institution, the knowledge of the dossier and the extent of agreement and so on.

It was also instructive to experience EDRi’s coordination with its member organisations from the other side and see the planning and communication that goes into the adoption and execution of joint strategies among EDRi and its many members. I want to thank the entire EDRi team for welcoming me warmly and for making the exchange program a truly great experience. Many thanks also to the Digital Rights Fund for the financial support of my travel!

Finally, I want to recommend this exchange to any EDRi member. Sometimes it is small things that matter, like hearing Maryant say in her introductory words of a meeting: “We are here to represent 39 member organisations all over Europe” and see and experience what those words mean in practice. It is a fact I knew, of course, but its effect can seem elusive at times, when working on the fronts of national politics, having Brussels only in the back of one’s mind. Therefore, I recommend going to Brussels and seeing from up close how EU politics are made and experience what EDRi is and how it works. Spoiler: EDRi is important and it works best in close cooperation with its members.


12 days of digital rights in Brussels. Was it Christmas?

EDRi’s “Brussels Exchange Programme” – turning theory into practice (07.02.2018)

(Contribution by Angelika Adensamer, EDRi member epicenter.works, Austria)



23 Apr 2018

Civil society urges Portuguese telecom regulator to uphold net neutrality


On 23 April 2018, 13 civil society organisations submitted a complaint to the Portuguese regulator on one of the most extreme net neutrality violations in Europe, urging them to use their authority to prohibit so-called zero-rating offers.

Portugal features the worst net neutrality violations we have seen in Europe to this day. It is hard to imagine how an independent regulator cannot find those offers in violation of EU law.

said Thomas Lohninger, Executive Director of epicenter.works, a member organisation of European Digital Rights (EDRi). “In this complaint, we present legal and economic evidence that, by all criteria of the EU net neutrality rules, these products should be prohibited”, he added.

The European Union (EU)’s net neutrality rules protect European citizens’ right to a free and open internet. They came into effect in April 2016. The Body of European Regulators for Electronic Communications (BEREC) laid down guidelines to clarify certain aspects. Despite the protections these guidelines offer, we have witnessed a dramatic increase in net neutrality violations in Europe, particularly zero-rating offers. This practice makes using certain applications more expensive than others. To date, very few regulators in the EU have decided to intervene against such offers, despite having authority to do so.

In Portugal, the three largest mobile operators, MEO, Vodafone and NOS, hold a combined market share of more than 95%. All of them offer zero-rating products that give preferential treatment to dominant internet companies like Facebook and Google. This is while the country ranks among the worst in Europe when it comes to the price and availability of mobile data download capacity, and the zero-rating offers in question are far cheaper than any other data volume a Portuguese citizen can buy. The telecom companies decide in an intransparent process which internet services are included in the zero-rating offer. The operator can exclude services from the offer at any time without being accountable to their customers.

In March 2018 the Portuguese regulator ANACOM finally decided to start a formal assessment of this offer and came to the conclusion that the telecom companies offering these products are allowed to continue. ANACOM’s draft decision is now subject to a consultation, and 13 civil society organisations (NGOs) have written a joint submission to urge the regulator to change its position. As part of this submission the NGOs present statistical evidence based on data from the European Commission that zero-rating has a detrimental effect on the price of internet access. “In general, prices for mobile data volume in Europe fell by 8% from 2015 to 2016, except in markets where zero-rating products are offered. There, prices increased by 2%”, said Thomas Lohninger.

The EU protections for net neutrality will soon undergo a reform. BEREC is currently conducting a public consultation on the guidelines for national regulators it passed in 2016, and the European Commission is expected to publish its evaluation of the underlying regulation by April 2019. EDRi and its member organisations will continue to fight for net neutrality, sharing its analysis with regulators, legislators, and the courts.

Submission of 13 civil society organisations to the Portuguese regulator (19.04.2018)

Portuguese ISPs given 40 days to comply with EU net neutrality rules (07.03.2018)

Video: Net Neutrality Enforcement in the European Union (29.12.2017)

Net neutrality wins in Europe! (29.08.2016)

BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules (30.08.2016)

Zero rating: Why it is dangerous for our rights and freedoms (22.06.2016)

SaveTheInternet.eu campaign (2013-2016)


* This press release was updated to change “To date, not a single regulator in the EU has…” to “To date, very few have decided to intervene against such offers, despite having authority to do so”.

18 Oct 2017

Success Story: A win on Austrian surveillance legislation

By Epicenter.works

The security debate in many countries shows an alarming trend towards restrictions of fundamental rights that liberal societies have codified in the past centuries. Particularly in the field of surveillance, recent legislation often goes beyond what has been deemed constitutional by courts and lacks any fact-based justification as to how those measures are supposed to prevent or mitigate serious crime. Advocacy groups rarely achieve a victory in this debate. Hence, it is worth taking a closer look at a recent example from Austria where such legislation was prevented by EDRi member NGO epicenter.works.

In January 2017, the Austrian government agreed to a “security package”. The proposed legislation spanned over several seemingly unconnected areas from the legalisation of government spyware, restrictions of the right to assembly, real-time CCTV systems, a centralised database for registered license plates (piggybacked on existing legislation for license plate tolls), IMSI catchers, a prohibition of anonymous pre-paid SIM-cards, and the arrest of people who pose “potential threats” before convictions or even charges.
Epicenter.works published an analysis of the government agreement on the day of its release and started a campaign called “surveillance package”. In the course of seven months, 10 out of 12 proposed measures were abandoned. This is how epicenter.works reached these outstanding results in its campaigning.

Separating the security debate from the surveillance spiral

Terrorism in Europe is much like a wasp trying to destroy a china shop. The wasp alone can never achieve its aim, but if people react with panic, the result will be destruction.

The hard truth is is that modern terrorism with cars and self made bombs can never be completely avoided. Political decisions are rarely guided by facts and analysis of previous attacks to reduce the chance of future incidents (due to the political need to propose “something” to reassure the population). Instead, they rely on the assumption that increased surveillance automatically leads to more security. In an effort to stress that this is a fallacy, epicenter.works coined the term “surveillance package” and made it clear that these reforms are unlikely to bring about a higher level of security. By the end of the campaign, this wording was picked up not only by the whole opposition, but also by media, which was a great success.

The “surveillance package” proposed by the Austrian government had the same central weakness as most recently proposed surveillance measures in Europe: their complete lack of justification in quantifiable criminological measurement. Part of the “surveillance package” campaign was to define an “objective security package” with measures that are actually adequate and important for security – such as multilingual police and better police training – none of which includes more surveillance powers. This builds on epicenter.works’ attempts to create a scientific concept to evaluate anti-terrorism measures.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

When a government restricts the fundamental rights of its citizens, the burden of proof always lies with the legislator as to why those restrictions are efficient, necessary, and proportionate. Questioning the security benefits of the proposed laws helped tremendously to undermine them as ineffective and purely opportunism-driven surveillance legislation.

Combine jurisprudence, technology and design in one team

From the first draft of the government’s work program to the proposed legislation epicenter.works provided an in-depth analysis from a legal and technical perspective. The complex analysis was complemented by single page synopses of important questions and infographics. Three press conferences, eight demonstrations in six cities, and thousands of tweets, videos, and images, as well as countless discussions with politicians and other stakeholders followed. The outcome was a combination of policy-driven and campaign-driven approaches that had great impact.

Make the many voices heard

For the first iteration of this campaign epicenter.works developed a new telephone tool that allowed citizens to subscribe to daily calls with their representatives. In a second stage, the campaign publicised the parliamentary consultation of the proposed legislation to a wider public thereby eclipsing all previous consultations threefold with a total of 18 094 responses, crashing the consultation website. In the final stage, all 6 350 public statements were analysed and visibility given to the arguments of institutions like the Austrian high court, the lawyers’ association, and the Red Cross.


The main lesson to take away from this is that one size doesn’t fit all. The “surveillance package” campaign was a success thanks to the diversity in methodologies, flexibility to react to new circumstances, and a multidisciplinary team of experts, grassroots campaigners, and media strategists. However, the most important detail that allowed this success was reframing the discussion away from surveillance and towards a broader security debate. In that new framing, privacy advocates will be able to propose more effective and fact-based solutions that do not rely on surveillance.

Surveillance package campaign (only in German)

Requirements for a comprehensive surveillance footprint evaluation (only in German)

(Contribution by EDRi member epicenter.works, Austria)



12 Jul 2017

Net Neutrality: BEREC misses opportunity to lead the way

By Epicenter.works and IT-Pol

In November 2015, the European Union adopted the Net Neutrality Regulation (2015/2120), which contained a number of compromises that needed clarification. The Body of European Regulators for Electronic Communications (BEREC) was given the task of developing implementation guidelines to ensure a consistent application of the Regulation throughout Europe and, in practice, settle the remaining ambiguities of the adopted Regulation. After a public consultation to which almost half a million citizens responded and demanded strong net neutrality, BEREC adopted the guidelines in August 2016. The outcome of this process was a legal framework with robust and clear protection for net neutrality, which was applauded all around the world.

The fight for net neutrality in Europe did not, however, end there. The National Regulatory Authorities (NRAs) in the Member States of the European Union (EU) and European Economic Area (EEA) must now enforce the Regulation to ensure that all end users – consumers as well as Content and Application Providers (CAPs) – enjoy the full benefits of net neutrality.

The net neutrality landscape and the challenges faced by NRAs varies greatly throughout the 31 EU/EEA countries, but there are number of common tasks that all NRAs will have to consider. An example is certification of monitoring systems (software) for detecting possible net neutrality violations and empowering users to find out the actual speed of their internet connection.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

In March 2017, the BEREC Net Neutrality Working Group invited stakeholders to present their views on measurement methodology and net neutrality supervision tools. At the stakeholder meeting with end-users and CAPs on 14 March 2017, EDRi was invited and represented by EDRi members epicenter.works (Austria) and IT-Pol (Denmark). The message from EDRi to BEREC was clear: the net neutrality measurement system in Europe should be based on open data, open source software and open, peer-reviewed methodologies, to ensure the full transparency and trustworthiness of the measurement results. Measuring internet quality was for a long time an area with just a few, mostly outdated and complicated software solutions. The mandate of NRAs to certify such software is a huge opportunity to combine forces and create a professional measurement system that not only solves this common problem in Europe, but also around the world. By opening up the data pool of measurement results, the regulators would invite independent researchers, consumer protection organisations and civil society to look for potential net neutrality infringements and create a better understanding of the internet in Europe.

Citizens should be encouraged to measure their internet connection as often as possible. This would allow them to test if they actually get the contractually agreed internet speed, and if their provider is tinkering with their connection by blocking or throttling applications they are using. Creating such measurement system would have the added benefit of respecting European data protection standards, by respecting informed consent and minimising information that can identify individual users, such as IP addresses.

At the stakeholder meeting, EDRi also pointed out the importance of securing funding for independent civil society projects like Respect My Net, where citizens can report cases of net neutrality violations and see reports of possible violations from other end users. Projects like this are necessary because net neutrality violations often go unpunished by the regulators. Besides the comments presented in the meeting, EDRi also submitted a written stakeholder response (pdf) to the BEREC Net Neutrality Working Group.

On 7 June 2017, BEREC presented a draft document on Net Neutrality Regulatory Assessment Methodology for public consultation. This document was published more than a year after the Net Neutrality Regulation went into effect and it is underwhelming, to say the least. EDRi member epicenter.works submitted a consultation response, supported by EDRi members IT-Pol and Access Now, as well as EDRi observer Xnet.

On some technical matters, the BEREC draft document gives a lengthy explanation of basic principles of network measurement. However, on the important points of collaboration between regulators, BEREC holds no position. It proposes no common solution for measurement software, it does not recommend an open source or open data approach which would allow inter-operability, and it does not even acknowledge that NRAs should certify any measurement software at all. This indicates that opinions between Member States vary greatly and that there was no easy consensus. However, the consensus on a measurement methodology cannot be harder to find than on net neutrality. It is BEREC’s role to lay out a path for collaboration between regulators. To quote the current Chair of BEREC Sébastien Soriano:

BEREC [is] expected to be an important part of the process for identification of solutions to problems and would be unsympathetic to those who offered only excuses for inaction.

On some other matters, BEREC is choosing a technical solution which is even turning a blind eye towards a common problem for many internet users – congestion. In the draft measurement methodology BEREC is proposing to measure speed only with multiple HTTP connections to a single test server located in a national internet exchange point (IXP). This setup is inadequate for finding possible net neutrality violations since multiple HTTP connections are less likely to show congestion issues. Also, using a single server means that some Internet Service Providers (ISPs) can easily prioritise the traffic to this server. This illegal type of traffic management has been documented by some ISPs in the past and would undermine all measurement efforts if it were allowed to continue.

The draft document from BEREC mentions that NRAs are not required to establish or certify a monitoring mechanism, and that a certified monitoring mechanism will not be available in some Member States. While the Regulation does not formally establish an obligation for NRAs to certify measurement software for end users, there is a clear obligation to closely monitor and ensure compliance with Articles 3 and 4 of the Regulation. This task will be very difficult to accomplish if the NRA cannot receive reliable input from end users due to a lack of certified monitoring mechanism or software. Without measurement software, the public is blind towards potentially illegal traffic management practices and consumers are stripped of their right to exit contracts where the ISP is not delivering the promised speed. In light of the need to measure the general quality of internet access services (IAS) in Europe, in order to make sure that specialised services do not deteriorate the quality of the IAS, it would be vital to establish a historic data set. This is particularly necessary before the rise of 5G prompts new specialised service experiments by telecom operators.

Rather than simply pointing out that the Regulation does not formally require a certified monitoring mechanism, BEREC should more actively encourage NRAs to co-operate in developing certified measurement methodologies. If all NRAs work on developing their own software, a lot of work is likely to be duplicated, and there will be no comparability of the different subsidiaries of the big telecom companies in Europe. The smaller Members States would benefit greatly from such a cooperation between NRAs, and BEREC is the natural forum for coordinating this activity.

EDRi: Net neutrality wins in Europe! (29.08.2016)

Written response to questions for BEREC stakeholder meeting with representatives of end-users and CAPs (14.03.2017)

Respect My Net

Draft Net Neutrality Regulatory Assessment Methodology, BEREC (07.06.2017)

Consultation response to BEREC on Draft Net Neutrality Regulatory Assessment Methodology, submitted by EDRi member epicenter.works (05.07.2017)

(Contribution by Thomas Lohninger, EDRi member epicenter.works, Austria and Jesper Lund, EDRi member IT-Pol, Denmark)



03 May 2017

Member Spotlight: epicenter.works

By Guest author

This is the sixth article of the series “EDRi member in the Spotlight” in which our members have the opportunity to introduce themselves and their work in depth.

Today we introduce our Austrian member epicenter.works.

1. Who are you and what is your organisation’s goal and mission?

We are epicenter.works (formerly AKVorrat.at – Arbeitskreis Vorratsdaten Österreich, Working Group on Data Retention) from Austria, a non-profit organisation committed to the preservation of fundamental rights in the digital age and a pluralistic society.

2. How did it all begin, and how did your organisation develop its work?

In the course of taking action against the data retention law in Austria, a group of lawyers, technicians and concerned citizens founded our NGO. We organised one of the most successful citizens’ initiatives in Austria, collecting 106 067 signatures, and successfully contested the national implementation of the Data Retention Directive before the Austrian Constitutional Court (VfGH), supported by 11 167 plaintiffs. Combined with an Irish case, our complaint lead to the complete annulment of this Directive by the Court of Justice of the European Union (CJEU) in April 2014. Because of the massive support from civil society in this case, AKVorrat decided to continue its work of defending civil rights in the digital age. For more than two years, we have been operating a back office with a small number of employees, but our work would not be possible without the many helping hands and volunteers who support us.

Photo: Arbeitskreis Vorratsdaten

3. The biggest opportunity created by advancements in information and communication technology (ICT) is…

… global access to information and the chance to build networks of like-minded people around the globe. Additionally, ICT has the potential to enhance citizen participation, transparency and the democratic accountability of policy and decision-making.

4. The biggest threat created by advancements in information and communication technology is…

… a whole new approach to mass surveillance, and the possibilities it offers for repression of entire sections of society as well as individual critical minds. History shows that surveillance technologies carry the potential to be misused not only by autocratic governments, but also by democratic states that generally abide the rule of law.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

5. Which are the biggest victories/successes/achievements of your organisation?

Our most important success, benefitting all citizens of the European Union, was the annulment of the Data Retention Directive (2006/24/EC) by the CJEU in 2014, in a joined case with EDRi member Digital Rights Ireland. We are also proud of our leading involvement in the savetheinternet.eu campaign, fighting for strong net neutrality rules in Europe.

6. If your organisation could now change one thing in your country, what would that be?

We would introduce a mandatory impact assessment of new surveillance measures before their implementation in law. This assessment is necessary in order to safeguard our fundamental rights and return security policy back to what is factual and effective.

7. What is the biggest challenge your organisation is currently facing in your country?

In January 2017, the Austrian government published an updated working program which introduces a whole new set of surveillance measures. These measures range from comprehensive, networked camera surveillance with real-time picture streaming, government malware to monitor encrypted communication, and a new attempt at introducing telecoms data retention, to mandatory registration of prepaid SIM cards, and monitoring of vehicle number plates. The laws implementing these measures are likely to be adopted by the end of 2017, and we are currently running a nationwide campaign to educate citizens on the proposed measures and to convince politicians to respect citizens’ fundamental rights.

8. How can one get in touch with you if they want to help as a volunteer, or donate to support your work?

You can reach us via e-mail, Twitter and Facebook, visit our website, and check out the website of our campaign to prevent a whole new bundle of surveillance measures proposed by the Austrian government.


epicenter.works Facebook

epicenter.works Twitter

Stoppt Das Überwachungspaket! – Campaign website against the surveillance measures proposed by the Austrian Government (only in German)

Member in the spotlight series

(Contribution by EDRi member epicenter.works, Austria)



08 Feb 2017

Proposed surveillance package in Austria sparks resistance

By Guest author

The Austrian coalition parties have renegotiated their government programme in January 2017. This new programme contains a so-called “security package” that encompasses the introduction of several new surveillance measures and additional powers for the Austrian security agencies. These changes in the law are to be implemented by June 2017.

However, so far no evaluation of already existing surveillance measures and investigatory powers has been carried out. Furthermore, it is doubtful that the new measures will bring about an increase in security, whereas they will severely limit fundamental right to privacy and dial back on existing data protection measures.

The following measures are outlined in the newly agreed government programme:

Networked CCTV monitoring: The Austrian Minister of the Interior Wolfgang Sobotka has repeatedly demanded “all-encompassing surveillance” of public spaces by linking already deployed CCTV cameras operated by both private and public entities, and even transmitting the footage to investigative authorities in real time. The implementation of this kind of surveillance apparatus would effectively create a true panopticon affecting every citizen. However, in light of the terrorist attack in Nice in mid-July 2016 on a promenade monitored by several surveillance cameras, any preventive effect of the surveillance of public spaces is highly doubtful, even with respect to conventional crimes: The Police Directorate of Vienna has removed 15 out of its 17 CCTV installations during the recent years due to high operating costs and no discernible benefits in combating crime.

Automatic license plate recognition: The government wants to implement a system which would recognise all licence plate numbers and retain details of the movements of all vehicles on Austrian highways. In 2007, the Austrian constitutional court decided in a similar case (Section Control) that surveillance of car drivers is only permitted for a few determined routes and that number plate information can only be retained if the vehicle was driving too fast or is on an official wanted list. The new government programme facilitates an unjustified storage of movements for all vehicles, which is very alarming.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Government spyware: In 2016 there was a legislative proposal to legalise the use of government spyware on electronic devices of Austrian citizens. Due to massive criticism from a legal and technical perspective, the Austrian Minister of Justice Wolfgang Brandstetter withdrew the proposed law. In 2008 a commission of constitutional experts under Professor Bernd-Christian Funk came to the conclusion that government spyware is not in line with Austrian constitutional law. Nonetheless, the Austrian government has started a third attempt to pass a legal basis for this unconstitutional measure.

Data Retention Directive 2.0: The Austrian data retention law was abolished by the Austrian constitutional court in 2014 due to its unconstitutionality and violation of fundamental rights. The European Court of Justice (CJEU) confirmed this decision in December 2016 by passing an even further reaching verdict against this type of unfounded mass surveillance. Nevertheless, the new government agreement contains plans for a “quick freeze” based retention of telecommunication data. The final legislative text will have to be scrutinised carefully to define if it is in line with recent CJEU rulings.

Registration of prepaid SIM cards: The Austrian government plans to forbid unregistered prepaid SIM cards and thus to eliminate a way of communicating freely and anonymously with family members, help lines, and persons of trust (such as lawyers). Criminals can easily circumvent this by using foreign SIM cards or online messaging services, making the measure ineffective and disproportionate.

“Subversive movements”: It must be possible to criticise the state or institutions. The government wants to establish a criminal offense for the expression of opinions which undermine the authority of the state. This is a crucial development which stands against the fundamental principle of freedom of expression.

Electronic tags for non-convicted “endangerers”: Another critical demand in the security package is the introduction of electronic tags – a surveillance device locked to an individual’s body – for “endangerers”. But the term “endangerer” (“Gefährder”) is legally not defined and the federal government calls such a person a potential disturber and refers to an “abstract endangering situation” (“abstrakte Gefährdungslage”). So far, electronic tags have been used only for convicted perpetrators or in cases of strong suspicion. This extended use of electronic tags is highly problematic as it violates the principle of presumption of innocence. Similar discussions are ongoing in Germany.

Resistance has been mounting over the proposed extension of surveillance measures in Austria. EDRi observer, epicenter.works and other fundamental rights NGOs in Austria are working to mobilise the population to stop the unprecedented and unfounded surveillance measures in the new government programme to be enacted.

Surveillance package – government plans complete surveillance (only in German)

Surveillance: Cameras are being removed again (only in German, 28.01.2017)

Opportunity and risk of state spyware (only in German, 26.04.2016)

German “Bundestrojaner” – The dismantling of state spy software (only in German)


(Contribution by EDRi observer epicenter.works, Austria)