05 Jun 2019

BEREC workshop: Regulatory action by NRAs and consumer empowerment

By IT-Pol

On 29 May 2019, EDRi was invited to participate in a workshop of the Body of European Regulators for Electronic Communications (BEREC) on the planned update of its Net Neutrality Guidelines. Thomas Lohninger from Austrian EDRi member Epicenter.works and Jesper Lund from Danish EDRi member IT-Pol represented our network. Lund provided the following input to the regulators on regulatory action by the National Regulatory Authorities (NRAs).

Epicenter.works published a report in January 2019 which, among other things, surveys regulatory action based on the annual net neutrality reports by the NRAs. Port blocking is a severe form of traffic management since entire services, such as hosting of email or web servers by the end-user, are suppressed. This may be justified in certain situations, but requires a rigorous assessment under Article 3(3) third subparagraph, point b (preserve the integrity of the network) of Europe’s Net Neutrality Regulation (2015/2120).

Port blocking is generally quite easy to detect with network measurement tools. This is also noted in section 4.1.1 of BEREC’s Net Neutrality Regulatory Assessment Methodology (BoR (17) 178). Other forms of discriminatory traffic management are harder to detect. Based on this, it seems a reasonable conjecture to take NRA enforcement action on port blocking as indicative of the rigorousness of wider enforcement practices regarding traffic management. Unfortunately, detailed information on port blocking cases is not contained in most NRAs’ net neutrality reports.

Since the publication of the Net Neutrality Guidelines in August 2016, BEREC has launched a project to create an EU-wide network measurement tool, expected in late 2019. The measurement tool is based on the core principles of open methodology, open data, and open source. This means that the tool can be deployed on many devices, used by many end-users, and that the data generated through “crowdsourcing” by end-users (subscribers of internet access services, IAS) can be analysed by NRAs and other interested parties. In the opinion of EDRi, effective use of the forthcoming measurement tool, with crowdsourced measurement by end-users, will be a milestone in supervision and enforcement actions for traffic management practices.

Among other things, the measurement tool can be used for detection of unreasonable traffic management practices, establishing the real performance and Quality of Service (QoS) parameters of an IAS, assessing whether IAS are offered at quality levels that reflect advances in technology, and assessing whether the provision of specialised services risks deteriorating the available or general quality of IAS for end-users.

All of these tasks are specific obligations for NRAs under the Open Internet Regulation. As EDRi has highlighted before, the crowdsourcing aspect of the deployment of the measurement tool is very important as single measurements can contain a large element of noise, for example because of characteristic of the specific testing environment. In the aggregate, the noisy element can be expected to “wash out”, leaving the effect of the IAS traffic management practices or other network design choices by IAS providers.

When a measurement tool developed by BEREC is freely available to NRAs, the Guidelines on Article 5 of the Regulation should be updated to contain specific requirements and recommendations for the use of network measurement tools in the NRA supervision tasks. NRAs should, of course, be free to choose between their own measurement tools and methodology and the one offered by BEREC to all NRAs.

The Regulation does not per se require NRAs to establish or certify a monitoring mechanism. Needless to say, the Guidelines cannot change that. Therefore, most provisions in the Guidelines related to network measurement tools will have to be recommendations for NRAs.

However, the Regulation specifically requires NRAs to closely monitor and ensure compliance with Article 3 and 4 of the Regulation. While NRAs should be free to choose their own regulatory strategies, allowing these strategies to be adapted to the local “market” conditions and need for enforcement action, some proactive element is required on behalf of NRAs. Simply responding to end-user complaints cannot be sufficient to satisfy the obligation under Article 5.

In the opinion of EDRi, it will be very difficult for NRAs to fulfil their monitoring obligations under Article 5 without some form of quantitative measurement from the IAS network. The last sentence of recital 17 of the Regulation oncretely requires network measurements of latency, jitter and packet loss by NRAs to assess the impact of specialised services.

BEREC’s Guidelines with recommendations on the use of crowdsourced network measurements will have two positive implications for the net neutrality landscape in Europe. For the NRAs that follow the recommendations, and actively use the BEREC measurement tool, we will have quantitative monitoring of the compliance with articles 3 and 4 that is harmonised and comparable across EU Member States. This will, in itself, be hugely beneficial, and contribute to a consistent application of the net Neutrality Regulation.

In Member States where the NRA decides not to use the BEREC measurement tool (or its own), the recommendations in the Net Neutrality Guidelines could potentially facilitate shadow monitoring reports by civil society or consumer organisations. Of course, this can also be done without recommendations in the BEREC Guidelines or even with alternative measurement tools (than the one developed by BEREC), but adhering to the BEREC recommendations would create results that can be more easily compared with for example NRA net neutrality reports in Member States where the BEREC measurement tools is actively used.

EDRi will be pleased to contribute draft amendments to the Guidelines in order to formally incorporate a network measurement tool and crowdsourced measurements in the IAS network by end-users.

IT-Pol
https://itpol.dk/

Epicenter.works
https://epicenter.works/

BEREC Workshop on the update of its Net Neutrality Guidelines
https://berec.europa.eu/eng/events/berec_events_2019/202-berec-workshop-on-the-update-of-its-net-neutrality-guidelines

Europe’s Net Neutrality Regulation (2015/2120)
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32015R2120

BEREC Net Neutrality Regulatory Assessment Methodology
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/methodologies/7295-berec-net-neutrality-regulatory-assessment-methodology

BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/6160-berec-guidelines-on-the-implementation-by-national-regulators-of-european-net-neutrality-rules

Two years of net neutrality in Europe – 31 NGOs urge to guarantee non-discriminatory treatment of communications (30.04.2019)
https://edri.org/two-years-of-net-neutrality-in-europe-29-ngos-urge-to-guarantee-non-discriminatory-treatment-of-communications/

NGOs and academics warn against Deep Packet Inspection (15.05.2019)
https://edri.org/ngos-and-academics-warn-against-deep-packet-inspection/

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)

close
22 May 2019

Passenger surveillance brought before courts in Germany and Austria

By Gesellschaft für Freiheitsrechte

EDRi members Gesellschaft für Freiheitsrechte (GFF, Society for Civil Rights) and Epicenter.works have taken legal action against the mass retention and processing of Passenger Name Records (PNR) before German and Austrian courts and authorities. The European PNR Directive (Directive 2016/681) requires airlines to automatically transfer their passengers’ data to state authorities. There, the data are stored and automatically compared with pre-determined “criteria” that describe, for example, the flight behavior of known criminals. The data will also be distributed to other authorities and even non-EU member countries.

The EU Member States have been, since May 2018, obliged by the European PNR Directive to have adopted legislation for the retention of passenger data from airlines. For each passenger who takes a flight, a record is created. It contains at least 19 data items, including data such as the date of birth, details of accompanying persons, payment information, and the IP address used for online check-in. Together with information on the flight time and duration, booking class and baggage details, PNR data provides a detailed picture of the trip and the passenger.

PNR data is stored centrally at the respective Passenger Information Unit (PIU). These PIUs are usually located at national police authorities. The data can then be accessed by numerous other authorities and even transmitted to other countries. In addition, an automated comparison of the data records with pre-determined “criteria” is conducted.

This is a way of identifying new suspects in the mass of previously unsuspicious passengers – and a new level of dragnet action by collecting data from all citizens to “catch a few fish”. Thus, each individual, whether previously suspected of a crime or not, can thus be subjected to stigmatising investigations, just for coincidentally having similar flight patterns to past offenders.

GFF and epicenter.works argue that the PNR Directive in its current form violates the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), as well as the right to the protection of personal data (Article 8). The Court of Justice of the European Union (CJEU) already took a similar view in its 2017 Opinion on the draft PNR agreement between the EU and Canada.

Since it isn’t possible to appeal the case against the PNR Directive directly before the CJEU, GFF and epicenter.works have brought legal actions before courts and authorities, civil and administrative courts, as well as the data protection authorities (DPAs) in Germany and Austria. The complaints lodged argue that the storage and processing of data by the police authorities violates the Charter of Fundamental Rights. Due to the case’s evident implications of EU law and the CJEU’s aforementioned opinion, it is expected that national courts will eventually refer the question to the CJEU.

The basic funding for the project is provided by the Digital Freedom Fund.

Gesellschaft für Freiheitsrechte (GFF, Society for Civil Rights)
https://freiheitsrechte.org/english/

Epicenter.works
https://epicenter.works

No PNR campaign
https://nopnr.eu

Directive 2016/681 (PNR Directive)
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0681&from=DE

CJEU Opinion on the Draft PNR agreement between Canada and the European Union
http://curia.europa.eu/juris/document/document.jsf?docid=193216&text=&dir=&doclang=EN&part=1&occ=first&mode=DOC&pageIndex=0&cid=7992604

(Contribution by EDRi member Gesellschaft für Freiheitsrechte, Germany)

close
08 May 2019

Austria: New “responsibility” law will lead to self-censorship

By Epicenter.works

Shortly after the EU gave green light to upload filters, two laws were proposed in Austria, with the alleged goal of tackling online hate speech, that rang the alarm bells.


The law “on care and responsibility on the net” forces media platforms with forums to store detailed data about their users in order to deliver them in case of a possible offence not only to police authorities, but also to other users who want to legally prosecute another forum user. Looking at the law in detail, it is obvious that they contain so many problematic passages that their intended purpose is completely undermined.

According to the Minister of Media, Gernot Blümel, harmless software will deal with the personal data processing. One of the risks of such a system would be the potential for abuse from public authorities or individuals requesting a platform provider the person’s name and address with the excuse to wanting to investigate or sue them − and then use the information for entirely other purposes. Rather than improving safety online, the resulting “chilling effect” will lead to individuals avoiding sharing their most controversial opinions on a forum that possesses their detailed personal data. In essence, this is a way of imposing self-censorship on individuals. The proposed laws would concern only a handful of platforms in Austria. The aim is quite clear: to diminish the public democratic discourse and to try to intimidate those who think differently politically.

This law is not alone in restricting online freedoms. During its EU Council presidency, Austria decided to not make a clear rejection of unlawful data retention − a concept that has already been judged several times as contrary to fundamental rights by the European Court of Justice. Furthermore, back at home, the Austrian Federal Government is trying to collect as much data as possible about citizens and with new surveillance laws and porn filters based on the British model. The goal is clear: To monitor people every step of the way on the internet and limit their leeway.

Austria’s Chancellor Sebastian Kurz argues that the internet is not a legal vacuum and that laws apply to the online world too. He’s right. The Charter of Fundamental Rights of the European Union also applies to the online world. We must not allow this creeping undermining and abolition of privacy, data protection, freedom of expression and participation in political discourse. It is time to stand up for these fundamental rights. Let us demand a transparent state instead of a transparent citizen!

Epicenter.works
https://epicenter.works/

EU Member States give green light for copyright censorship (15.04.2019)
https://edri.org/eu-member-states-give-green-light-for-copyright-censorship/

New EU data retention at Austria’s initiative
https://fm4.orf.at/stories/2975759/

(Contribution by Iwona Laub, EDRi member Epicenter.works, Austria)

close
13 Mar 2019

Record number of calls to the EU Parliament against upload filters

By Epicenter.works

With just two weeks to go until the final vote on upload filters in the European Parliament, one hundred MEPs have pledged to vote against Article 13 of the proposed Copyright Directive. Many citizens feel like their legitimate fears about the future of the internet are not taken seriously as lawmakers insult them as being “bots” or simply “a mob”. Public protests demanding the removal of Article 13 have been announced in 23 European cities.

Thousands of EU citizens have taken part in the pledge2019.eu campaign, picking up their phone and calling their representatives. Since the campaign was launched at the end of February, citizens have called their elected representatives more than 1200 times, and spent over 72 hours on the phone with them. This unprecedented number of phone calls to politicians demonstrates just how much people care about an open, uncensored internet. It also shows that citizens are interested in engaging in European political issues, if you let them. After previous attempts of citizens to reach out to policy makers via social media or e-mail have been discredited as originating from bots or being part of a mob, citizens are now going the extra mile and voice their concern directly to their elected representative.

The damage done to Europe’s democracy by claiming that citizens voicing their concerns are a manufactured campaign is immense. A whole generation of internet users learn that their legitimate fears about the consequences of the proposal on modern everyday cultural expression and media habits are being ignored and ridiculed. In reaction, the protest movement against Article 13 gave itself the slogan “We are no bots”.

Upload filters are quickly becoming a major issue in the upcoming EU elections as demonstrators are joined by a host of experts against Article 13: UN Special Rapporteur on freedom of expression David Kaye warns against the threat for our freedom of expression online, academics specialising in intellectual property law call the proposal “misguided”, the founder of the world wide web Sir Tim Berners-Lee together with other internet emincence warns about the imminent threat to the open internet, and the International Federation of Journalists calls on policy makers to rethink this unbalanced copyright Directive.

On 23 March 2019 several rallies and demonstrations will be organised against Article 13 all around Europe. Concerned citizens still have two weeks left to visit www.pledge2019.eu and make their voices heard.

Epicenter.works
https://epicenter.works/

Save Your Internet
https://saveyourinternet.eu/

Pledge2019.eu
https://pledge2019.eu/en

Save Your Internet – Call for a Pan-European Day of Protests on 23 March!
https://savetheinternet.info/demos

(Contribution by Thomas Lohninger, EDRi member Epicenter.works, Austria)

EDRi-gram_subscribe_banner
Twitter_tweet_and_follow_banner
close
13 Feb 2019

A study evaluates the net neutrality situation in the EU

By Epicenter.works

Two and a half years after the adoption of the guidelines confirming strong protection for net neutrality in Europe, Austrian EDRi member epicenter.works published a study on the enforcement and status quo of net neutrality. The study entitled “The Net Neutrality Situation in the EU: Evaluation of the First Two Years of Enforcement” examines whether telecom companies are violating net neutrality rules, how regulators are fulfilling their enforcement and supervision duties, and how this affects internet users across the continent.

The study focuses on the most common net neutrality violation in Europe, the practice of “zero-rating”. For this purpose, epicenter.works conducted a complete survey of all zero-rating offers in Europe, including the applications that benefit from the special treatment of having their data excluded from monthly data cap.

The study highlights two important findings:

  1. that zero rating offers cost consumers more, and do not lead to decreased prices as initially expected;
  2. that it’s mostly American online companies who benefit from zero-rated offers (with only three European exceptions).

For consumers, the most compelling finding was the fact that zero-rating offerings seem attractive, because they promise “free” services, but in the end they lead to an increase in the general price level. In markets with zero-rating practices, the price of data increased 2% year-over-year. In markets without zero-rating practices, the price of data decreased 8% year-over-year.

The study finds that since Europe’s net neutrality rules came into effect, zero-rating has spread to all but two EU countries with a total of 186 zero-rating offers in Europe. In some countries the price difference between the applications with special prices and the rest of the internet was up to 70-fold. Among the top 20 applications that benefit from zero-rating, only three are from Europe. Applications and services from EU countries are rarely zero-rated, which leads to the conclusion that the European Digital Single Market likely suffers from these net neutrality violations. The data indicates that most application providers only participate in one to three zero-rating offerings, which clearly shows that this system canot scale to a single market with over 200 mobile operators. In effect, the study shows how end-user choices are restricted and Europe’s Digital Single Market has been fragmented by the new market entry barriers that telecom companies have created.

Although regulators should have a coherent approach to the enforcement of net neutrality, wildly different approaches were found. Some of the rulings in Europe are even contradicting each other, for example in the area of port blocking or congestion management. In some countries the fines for telecom companies for net neutrality violations rise to nine-digit sums, and in others only to four-digit sums. In Portugal and Ireland there was no penalty provision to be found at all, while Ireland currently holds the chairmanship of the Body of European Regulators of Electronic Communication (BEREC) in charge of the net neutrality reform.

Another key finding of the study is that despite BEREC guidelines requiring telecom companies to provide at least a minimum level of transparency on internet speeds, companies are not publishing that information, and regulators are turning a blind eye.

The study also provides information about the upcoming discussion about 5G within the scope of net neutrality , as this argument the Internet Service Providers (ISPs) is already being laid on the table in the upcoming net neutrality review.

The report can be downloaded on epicenter.works’ website, and all of the data sets have been released as open data. The study was supported by Mozilla and the Austrian Chamber of Labour.

Epicenter.works
https://en.epicenter.works/

Report: The Net Neutrality Situation in the EU (29.01.2019)
https://en.epicenter.works/document/1522

Survey of all differential pricing offers in the EEA (29.01.2019)
https://en.epicenter.works/document/1521

Net neutrality wins in Europe! (29.08.2016)
https://edri.org/net-neutrality-wins-europe/

Net Neutrality vs. 5G: What to expect from the upcoming EU review? (05.12.2018)
https://edri.org/net-neutrality-vs-5g-what-to-expect-from-the-upcoming-eu-review/

(Contribution by Iwona Laub, EDRi member Epicenter.works, Austria)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
05 Dec 2018

Net Neutrality vs. 5G: What to expect from the upcoming EU review?

By Epicenter.works

Since 2016 the principle of net neutrality is protected in the European Union (EU). Net neutrality is a founding principle of the internet. It ensures the protection of the right to freedom of expression, the right to assembly, the right to conduct business, and the freedom to innovate on the internet. These protections came about in no small part due to the work of civil society. A coalition of 23 NGOs worked together for over three years to convince politicians and regulators of the importance of net neutrality. This victory may be called into question when the Body of European Regulators for Electronic Communications (BEREC) reviews its net neutrality guidelines in 2019.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The net neutrality protections in the EU consist of two layers, a legal and regulatory one. The legal basis for the protections is part of an EU Regulation, which takes precedence over national law and is directly applicable in all Member States as well as the further three countries in the European Economic Area (EEA) Norway, Iceland and Liechtenstein. This Regulation gives the independent national telecom regulators the power and the mandate to protect net neutrality in their respective countries. To ensure that these 31 independent regulators apply the Regulation uniformly throughout the EU and EEA, they must take “utmost account” of the guidelines on net neutrality that were issued by the European umbrella organisation of all telecom regulators, BEREC. These BEREC net neutrality guidelines present very detailed recommendations on what net neutrality actually means in Europe.

The Regulation prescribes that the European Commission has to submit an evaluation report by 30 April 2019. For this purpose, it has outsourced part of the work to the consultancy firm Ecorys and the law firm Bird & Bird, which is famous for assisting the telecom industry in resisting net neutrality protections. This has led to the peculiar situation that regulators and civil society have to answer questions about the strengths and weaknesses of the Regulation to the same office of Bird & Bird that EDRi member Bits of Freedom faces in court in a case based on the same Regulation. Several NGOs, including EDRi, EDRi member epicenter.works and others have sent an open letter to the Commission pointing out this conflict of interest, but the Commission has not fully addressed these concerns.

It seems the European Commission will not reopen the Regulation, considering the elections to the European Parliament in May 2019 and the following reshuffle of political power in the European Union. On the other hand, BEREC conducts itself transparently and has already announced on several occasions that it intends to review its net neutrality guidelines. Since the release of BEREC’s draft work programme for 2019, we also know that this review is planned to start in 2019 and will lead to new draft guidelines, followed by a public consultation process in late September 2019.

What is to be expected of this review? The telecom industry has made clear what they want to talk about: 5G. The new mobile network standard has not even been fully specified, but it is already the biggest talking point of the telecoms industry and is used to call into question existing net neutrality protections around the world. With the US having stepped away from their 2015 Open Internet rules, Europe is now the first major world region that tries to bring 5G in line with net neutrality. This debate has a technological and political side. Technologically, 5G brings a new option for telecom operators to deepen their control over the information flow. It is called “network slicing” and it brings differentiated Quality of Service policies to the radio access network. The scenarios range from preferential treatment for premium subscribers at the expense of everyone else to a complete segmentation of the internet with granular control of the network over every application.

Whether the application of this new industry standard has to follow existing telecom law or whether the law should adapt to the standard ought to be an easy question to answer, but this might not be the case. For example, at the recent global Internet Governance Forum (IGF) in Paris, representatives of telecom giants Vodafone and AT&T strongly argued for loosening existing net neutrality rules in order to make a 5G-rollout more economically viable.

5G offers providers far more control when it comes to giving preferential treatment to individual applications or internet subscribers, but it also brings interesting new features like specifying a low energy network slice, which could be used for example by solar powered Internet of Things (IoT) devices. BEREC has taken it upon itself to tackle this issue upfront. This means that regulators will decide if the strong protections against the abuse of exceptions to the net neutrality in the Regulation (so called “specialised services”) will be upheld.

If Europe follows the push of the telecom industry to water down the implementation and enforcement of its net neutrality rules and allows a two-tiered internet system built on a sliced up 5G network, this could have serious ripple effects in the rest of the world. Should the US and Europe allow 5G to become the exception to net neutrality, the end of the open internet will become a question of the roll-out of the next mobile network technology.

The final guidelines in Europe comes quite close to the US 2015 Federal Communications Commission (FCC) Open Internet rules. Particularly regarding the issue of zero-rating, the guidelines do not offer a so-called “bright-line rule”. This means that the final decision on the legality of commercial offers that discriminate between applications based on price is left to the regulator. While zero-rating offerings are now on the market in all but one European country, not a single regulator has prohibited such offer. Especially low income and young internet users are affected by this strong incentive to only use well-established internet services.

The reform of the net neutrality guidelines should tackle this issue. The Regulation clearly states that there are cases in which regulators have to intervene against zero-rating. While a bright-line rule banning zero-rating would be the best possible outcome, at the very least more guidance has to be given to regulators when it comes to different forms of economic discrimination that are clearly harmful to end-user rights. EDRi member epicenter.works will publish a report on the net neutrality situation in Europe in early 2019, including a mapping of zero-rating offers in the European market.

This article is an adaptation of an article previously published by EDRi member epicenter.works: https://en.epicenter.works/content/net-neutrality-vs-5g-what-to-expect-from-the-upcoming-reform-in-the-eu

epicenter.works
https://en.epicenter.works/

BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/6160-berec-guidelines-on-the-implementation-by-national-regulators-of-european-net-neutrality-rules

How we saved the internet in Europe (04.10.2016)
https://epicenter.works/content/how-we-saved-the-internet-in-europe

(Contribution by EDRi member epicenter.works, Austria)

close
07 Nov 2018

NGOs urge Austrian Council Presidency to finalise e-Privacy reform

By Epicenter.works

EDRi member epicenter.works, together with 20 NGOs, is urging the Austrian Presidency of the Council of the European Union to take action towards ensuring the finalisation of the e-Privacy reform. The group, counting the biggest civil society organisations in Austria such as Amnesty International and two labour unions, demands in an open letter sent on 6 November 2018 an end to the apparently never-ending deliberations between the EU member states.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

It is today 666 days since the European Commission launched its proposal. The e-Privacy regulation is an essential aspect for the future of Europe’s digital strategy and a necessity for the protection of modern democracies from ubiquitous surveillance networks. Echoing European citizens rightful demands for protections of their online privacy, the organisations ask the Austrian Presidency to lead the way into a new privacy era by concluding the e-Privacy dossier by 2019.

The letter comes in a context in which a parliamentary inquiry from the Austrian Social Democratic party tries to shed light on the lobby connections of the Austrian government regarding the hampering of secure communications for its citizens. Right now, the Austrian government’s position is closely aligned with the interests of internet giants like Facebook and Google, big telecom companies and the advertisement industry.

The Austrian government has recently fast-tracked negotiations on the controversial e-evidence proposal, which would weaken the rule of law and foster further surveillance of citizens’ online behaviour. This is a stark contrast to the meager effort Austrian representatives put into negotiations around legislative proposals that aim to protect the fundamental right to privacy – a topic missing from the Austrian Council Presidency agenda.

In order to ensure that e-Privacy laws will not be used as excuse for the establishment of new repressive instruments, epicenter.works demands a clear commitment to the prohibition of data retention. Data retention has been found unconstitutional in different European countries, while epicenter.works was plaintiff in the 2014 proceedings of the European Court of Justice (ECJ) annulling the data retention directive. A circumvention of the ECJ’s ban through the e-Privacy regulation could expose EU citizens to indiscriminate mass-surveillance and severely undermine trust in EU institutions.

Open Letter sent to Austrian Government (in German only, 06.11.2018)
https://epicenter.works/content/offener-brief-wir-brauchen-eprivacy

Parliamentary inquiry from the Austrian Social Democratic Party (in German only, 29.10.2018)
https://www.parlament.gv.at/PAKT/VHG/XXVI/J/J_02174/index.shtml

Council continues limbo dance with the ePrivacy standards (24.10.2018)
https://edri.org/council-continues-limbo-dance-with-the-eprivacy-standards/

ePrivacy: Public benefit or private surveillance? (24.10.2018)
https://edri.org/eprivacy-public-benefit-or-private-surveillance/

ECJ: Data retention directive contravenes European law (09.04.2014)
https://edri.org/ecj-data-retention-directive-contravenes-european-law/

(Contribution by Thomas Lohninger, EDRi member epicenter.works)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
07 Nov 2018

Brussels up close – Experiences from the EDRi exchange programme

By Epicenter.works

Learning and knowing abstractly how the EU works is one thing, seeing it up close and doing advocacy work right there is quite another! I am a Policy Advisor for the Austrian EDRi member organisation “epicenter.works – for digital rights” and, in October 2018, I spent two weeks with the EDRi office in Brussels. My aim was to get a better understanding of EU law making and advocacy.

Having a background in the field of criminology and law, I was excited to start right away with a rather new dossier on cross border access to data in police investigations: the e-Evidence Regulation. We will probably have to work on e-Evidence for a long time and I am glad to have had the opportunity to familiarise myself early on with this dossier and discuss its many flaws – several of which are quite intricate – with the EDRi policy team.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Working in Brussels in person has been a big step forward for me in understanding EDRi’s policy work and will enable me to make a better contribution to it in the future. I took part in developing a strategy for proposed amendments that I have started working on during my stay there. As part of EDRi’s e-Evidence working group, I will continue this work on both a national and EU level.

In what at times felt like quite a meeting-marathon, I have had the chance to accompany Maryant Fernandez Perez and Chloé Berthélémy to meetings on e-Evidence with several national Permanent Representations to the EU. I also attended an event organised by the German region North Rhine-Westphalia with German European Commission officials, the European Parliament, the German bar association and police forces on the topic.

As if all that was not enough, I was also briefed on and have familiarised myself with the Terrorism Regulation, and the current state of plans for an ePrivacy regulation. On these dossiers I joined Joe McNamee, Diego Naranjo, Yannic Blaschke and Estelle Massée (Access Now) in meetings with companies and stakeholders. It is an important experience to see how different such meetings can be shaped, depending on the strategy (our own or that of our interlocutors), the culture of the country, company or institution, the knowledge of the dossier and the extent of agreement and so on.

It was also instructive to experience EDRi’s coordination with its member organisations from the other side and see the planning and communication that goes into the adoption and execution of joint strategies among EDRi and its many members. I want to thank the entire EDRi team for welcoming me warmly and for making the exchange program a truly great experience. Many thanks also to the Digital Rights Fund for the financial support of my travel!

Finally, I want to recommend this exchange to any EDRi member. Sometimes it is small things that matter, like hearing Maryant say in her introductory words of a meeting: “We are here to represent 39 member organisations all over Europe” and see and experience what those words mean in practice. It is a fact I knew, of course, but its effect can seem elusive at times, when working on the fronts of national politics, having Brussels only in the back of one’s mind. Therefore, I recommend going to Brussels and seeing from up close how EU politics are made and experience what EDRi is and how it works. Spoiler: EDRi is important and it works best in close cooperation with its members.

epicenter.works
https://epicenter.works/

12 days of digital rights in Brussels. Was it Christmas?
https://edri.org/12-days-of-digital-rights-in-brussels-was-it-christmas/

EDRi’s “Brussels Exchange Programme” – turning theory into practice (07.02.2018)
https://edri.org/edris-brussels-exchange-programme-turning-theory-into-practice/

(Contribution by Angelika Adensamer, EDRi member epicenter.works, Austria)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
23 Apr 2018

Civil society urges Portuguese telecom regulator to uphold net neutrality

By EDRi

On 23 April 2018, 13 civil society organisations submitted a complaint to the Portuguese regulator on one of the most extreme net neutrality violations in Europe, urging them to use their authority to prohibit so-called zero-rating offers.

Portugal features the worst net neutrality violations we have seen in Europe to this day. It is hard to imagine how an independent regulator cannot find those offers in violation of EU law.

said Thomas Lohninger, Executive Director of epicenter.works, a member organisation of European Digital Rights (EDRi). “In this complaint, we present legal and economic evidence that, by all criteria of the EU net neutrality rules, these products should be prohibited”, he added.

The European Union (EU)’s net neutrality rules protect European citizens’ right to a free and open internet. They came into effect in April 2016. The Body of European Regulators for Electronic Communications (BEREC) laid down guidelines to clarify certain aspects. Despite the protections these guidelines offer, we have witnessed a dramatic increase in net neutrality violations in Europe, particularly zero-rating offers. This practice makes using certain applications more expensive than others. To date, very few regulators in the EU have decided to intervene against such offers, despite having authority to do so.

In Portugal, the three largest mobile operators, MEO, Vodafone and NOS, hold a combined market share of more than 95%. All of them offer zero-rating products that give preferential treatment to dominant internet companies like Facebook and Google. This is while the country ranks among the worst in Europe when it comes to the price and availability of mobile data download capacity, and the zero-rating offers in question are far cheaper than any other data volume a Portuguese citizen can buy. The telecom companies decide in an intransparent process which internet services are included in the zero-rating offer. The operator can exclude services from the offer at any time without being accountable to their customers.

In March 2018 the Portuguese regulator ANACOM finally decided to start a formal assessment of this offer and came to the conclusion that the telecom companies offering these products are allowed to continue. ANACOM’s draft decision is now subject to a consultation, and 13 civil society organisations (NGOs) have written a joint submission to urge the regulator to change its position. As part of this submission the NGOs present statistical evidence based on data from the European Commission that zero-rating has a detrimental effect on the price of internet access. “In general, prices for mobile data volume in Europe fell by 8% from 2015 to 2016, except in markets where zero-rating products are offered. There, prices increased by 2%”, said Thomas Lohninger.

The EU protections for net neutrality will soon undergo a reform. BEREC is currently conducting a public consultation on the guidelines for national regulators it passed in 2016, and the European Commission is expected to publish its evaluation of the underlying regulation by April 2019. EDRi and its member organisations will continue to fight for net neutrality, sharing its analysis with regulators, legislators, and the courts.

Submission of 13 civil society organisations to the Portuguese regulator (19.04.2018)
https://epicenter.works/document/1111

Portuguese ISPs given 40 days to comply with EU net neutrality rules (07.03.2018)
https://edri.org/portuguese-isps-given-40-days-to-comply-with-eu-net-neutrality-rules

Video: Net Neutrality Enforcement in the European Union (29.12.2017)
https://en.epicenter.works/content/net-neutrality-enforcement-in-the-european-union-talk-at-34c3

Net neutrality wins in Europe! (29.08.2016)
https://edri.org/net-neutrality-wins-europe/

BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules (30.08.2016)
http://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/6160-berec-guidelines-on-the-implementation-by-national-regulators-of-european-net-neutrality-rules

Zero rating: Why it is dangerous for our rights and freedoms (22.06.2016)
https://edri.org/zero-rating-why-dangerous-for-our-rights-freedoms/

SaveTheInternet.eu campaign (2013-2016)
https://savetheinternet.eu/

Twitter_tweet_and_follow_banner

* This press release was updated to change “To date, not a single regulator in the EU has…” to “To date, very few have decided to intervene against such offers, despite having authority to do so”.

close
18 Oct 2017

Success Story: A win on Austrian surveillance legislation

By Epicenter.works

The security debate in many countries shows an alarming trend towards restrictions of fundamental rights that liberal societies have codified in the past centuries. Particularly in the field of surveillance, recent legislation often goes beyond what has been deemed constitutional by courts and lacks any fact-based justification as to how those measures are supposed to prevent or mitigate serious crime. Advocacy groups rarely achieve a victory in this debate. Hence, it is worth taking a closer look at a recent example from Austria where such legislation was prevented by EDRi member NGO epicenter.works.

In January 2017, the Austrian government agreed to a “security package”. The proposed legislation spanned over several seemingly unconnected areas from the legalisation of government spyware, restrictions of the right to assembly, real-time CCTV systems, a centralised database for registered license plates (piggybacked on existing legislation for license plate tolls), IMSI catchers, a prohibition of anonymous pre-paid SIM-cards, and the arrest of people who pose “potential threats” before convictions or even charges.
Epicenter.works published an analysis of the government agreement on the day of its release and started a campaign called “surveillance package”. In the course of seven months, 10 out of 12 proposed measures were abandoned. This is how epicenter.works reached these outstanding results in its campaigning.

Separating the security debate from the surveillance spiral

Terrorism in Europe is much like a wasp trying to destroy a china shop. The wasp alone can never achieve its aim, but if people react with panic, the result will be destruction.

The hard truth is is that modern terrorism with cars and self made bombs can never be completely avoided. Political decisions are rarely guided by facts and analysis of previous attacks to reduce the chance of future incidents (due to the political need to propose “something” to reassure the population). Instead, they rely on the assumption that increased surveillance automatically leads to more security. In an effort to stress that this is a fallacy, epicenter.works coined the term “surveillance package” and made it clear that these reforms are unlikely to bring about a higher level of security. By the end of the campaign, this wording was picked up not only by the whole opposition, but also by media, which was a great success.

The “surveillance package” proposed by the Austrian government had the same central weakness as most recently proposed surveillance measures in Europe: their complete lack of justification in quantifiable criminological measurement. Part of the “surveillance package” campaign was to define an “objective security package” with measures that are actually adequate and important for security – such as multilingual police and better police training – none of which includes more surveillance powers. This builds on epicenter.works’ attempts to create a scientific concept to evaluate anti-terrorism measures.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

When a government restricts the fundamental rights of its citizens, the burden of proof always lies with the legislator as to why those restrictions are efficient, necessary, and proportionate. Questioning the security benefits of the proposed laws helped tremendously to undermine them as ineffective and purely opportunism-driven surveillance legislation.

Combine jurisprudence, technology and design in one team

From the first draft of the government’s work program to the proposed legislation epicenter.works provided an in-depth analysis from a legal and technical perspective. The complex analysis was complemented by single page synopses of important questions and infographics. Three press conferences, eight demonstrations in six cities, and thousands of tweets, videos, and images, as well as countless discussions with politicians and other stakeholders followed. The outcome was a combination of policy-driven and campaign-driven approaches that had great impact.

Make the many voices heard

For the first iteration of this campaign epicenter.works developed a new telephone tool that allowed citizens to subscribe to daily calls with their representatives. In a second stage, the campaign publicised the parliamentary consultation of the proposed legislation to a wider public thereby eclipsing all previous consultations threefold with a total of 18 094 responses, crashing the consultation website. In the final stage, all 6 350 public statements were analysed and visibility given to the arguments of institutions like the Austrian high court, the lawyers’ association, and the Red Cross.

Conclusion

The main lesson to take away from this is that one size doesn’t fit all. The “surveillance package” campaign was a success thanks to the diversity in methodologies, flexibility to react to new circumstances, and a multidisciplinary team of experts, grassroots campaigners, and media strategists. However, the most important detail that allowed this success was reframing the discussion away from surveillance and towards a broader security debate. In that new framing, privacy advocates will be able to propose more effective and fact-based solutions that do not rely on surveillance.

Surveillance package campaign (only in German)
https://überwachungspaket.at/

Requirements for a comprehensive surveillance footprint evaluation (only in German)
https://epicenter.works/thema/heat

(Contribution by EDRi member epicenter.works, Austria)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close