25 Feb 2015

Did GCHQ spy on you? Find out now!

By Guest author

Since its launch on 16 February 2015, over 25 000 people have joined an international campaign to try to learn whether Britain’s intelligence agency, GCHQ, illegally spied on them.

This opportunity is possible thanks to court victory in the Investigatory Powers Tribunal (IPT), a secret court set up to hear complaints against the British Security Services. As previously reported in the EDRi-gram, Privacy International won the first-ever case against GCHQ in the Tribunal, which ruled that the agency acted unlawfully in accessing millions of private communications collected by the US National Security Agency (NSA), up until December 2014.

Because of this victory, now anyone in the world can try to ask if their records, as collected by the NSA, were part of those communications unlawfully shared with GCHQ. We feel the public has a right to know if they were spied on illegally, and Privacy International wants to help make that as easy as possible.

Unfortunately, the IPT can’t act by itself, and that’s why it needs people to come forward and file complaints. Privacy International plans to assist as many people as possible in jumping through the hoops the process will probably entail. It is going to be a long fight, and it will likely take months for the IPT to process all the complaints. However, it is important to bear in mind that if the IPT find that your communications were illegally shared with GCHQ, they will be obligated to tell you.

Through their secret intelligence-sharing relationship with the NSA, GCHQ has intermittently enjoyed unrestricted access to PRISM, the NSA’s means of directly accessing data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo!, Google, Facebook, Skype, and Apple. GCHQ has also had access to other parts of the NSA’s Upstream collections, through which telephone and internet traffic data is accessed as it flows through communications infrastructure, including CO-TRAVELER, which collects five billion mobile phone locational records a day, and DISHFIRE, which harvests 194 million text messages daily. The top five programs within Upstream created 160 billion interception records in one month alone.

Chances are, at some point over the past decade, your communications were swept up by one of the NSA’s mass surveillance programs and passed onto GCHQ. We think you have a right to know whether that’s the case, and if so, to try and demand that data be deleted. Privacy International wants to help you assert those rights.

Privacy International’s campaign “Did GCHQ illegally spy on you?”
https://privacyinternational.org/illegalspying

FAQ: Did GCHQ Spy On You?
https://privacyinternational.org/?q=node/495

(Contribution by Eric King, Privacy International)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
11 Feb 2015

Final push for our crowdsourcing campaign

By Heini Järvinen

European Digital Rights’ existence is at stake. Our main funding projects all end in 2015. In December 2014, we launched a campaign asking help to ensure we can continue our work to transform Europe into a free and open society, where your civil rights and freedoms are reliably guaranteed. Now, the last days of the campaign are here, and there is still work to be done to reach our goal.

The campaign: https://edri.org/campaign/support-digital-rights-europe/

In the past five years, EDRi has evolved from being a decentralised alliance with no staff to an influential organisation with a Brussels office and professional staff. Since it opened its office in Brussels in 2009, EDRi has become a strong voice for freedoms in the digital environment. It is often the first contact point for policy makers in the EU institutions on digital rights matters.

Imagine what the world would look like if EDRi didn’t exist! Would we have ACTA, EU-wide mandatory web blocking, a non-neutral Internet and more widespread censorship? EDRi is asking for support in order to be able to fund one advocate who will fight to keep private information private, to fight against surveillance and censorship measures.

EDRi-main

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
11 Feb 2015

Digital Rights orgs call on world leaders to uphold human rights

By Guest author

Over 30 digital and civil liberties organisations from around the world have endorsed a joint statement calling on the world’s governments not to expand surveillance measures in the wake of the Charlie Hebdo attacks. In addition to European Digital Rights (EDRi), signatories include Article19, digitalcourage, IT-pol, Vrijschrift, La Quadrature du Net, Panoptykon, Initiative für Netzfreiheit, FITUG e.V., Alternative Informatics Association, ORG, EFF, Effi, APTi, and Access.

It seems that even while events were unfolding in Paris, proposals and measures restricting civil liberties have been put forward – from France, Belgium, Spain, the United States, Australia to Turkey and beyond. One of the most notable examples is in the very wake of the attacks, the French government convened an extraordinary EU Home Affairs summit, as several leaders were in Paris for the Unity March. There, it was decided to move several concrete proposals forward, two of which would drastically impact human rights: 1) a controversial EU Passenger Name Record agreement that has been discussed in Brussels since 2011; and 2) ad-hoc measures for internet platforms to monitor and remove alleged hate speech.

The signatories of this statement have seen this before —a tragedy that leads to a dramatic expansion of security measures, without proper democratic scrutiny, providing the necessary checks and balances to ensure that other rights, like privacy and free association, aren’t undermined.

The letter invites the French government to conduct a thorough evaluation of relevant policies, before enacting new laws and policies that can harm fundamental rights.

In addition, it calls on these political leaders to:

  • Ensure the protection and defence of national level human rights protections, particularly free expression and privacy online and offline;
  • Engage citizens and institutions in a public dialogue on targeted solutions that can help protect society while upholding human rights;
  • Defend a free and open society where human rights are not only protected, but celebrated, and where diverse viewpoints, including the satirical perspectives embraced by Charlie Hebdo, can be expressed online and offline.

There are no easy or quick solutions. In difficult moments like these, we must defend the values of the society that we want to live in, or we risk undermining those values in the name of saving them. The letter is still open for signatories: all are welcome to join us in working toward a better world where free expression, privacy, and other human rights can thrive.

Open letter to the world’s governments in the wake of attack on Charlie Hebdo:
https://www.accessnow.org/pages/open-letter-to-the-worlds-governments-in-the-wake-of-attack-on-charlie-hebd

Charlie Hebdo Tragedy Must Not Be Used by Governments to Expand Surveillance:
https://www.accessnow.org/blog/2015/01/28/charlie-hebdo-tragedy-expand-surveillance

(Contribution by Raegan MacDonald, EDRi-member Access)

EDRi-former_banner-02

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
06 Feb 2015

How to deal with Facebook’s new tracking policies

By Joe McNamee

If you use Facebook, you may have noticed that they have unilaterally changed the rules again about how they use your data.

According to The Independent, the new change allows Facebook

to gather data from activity across the internet, as well as the normal data it gathers on information you and your friends have added to the site. It also allows the site to pass on that information with its other branches, including Instagram.

Facebook suggests one way of stopping them from stalking you. However, it isn’t the only way:

How to stop FB tracking?

Twitter_tweet_and_follow_banner

close
28 Jan 2015

EDRi launches privacy trainings in the European Parliament

By Heini Järvinen

On 23 January 2015, EDRi organised its first series of privacy and IT security training sessions in the European Parliament (EP). Three Members of the European Parliament (MEPs) and their assistants from throughout the political spectrum – European Conservatives and Reformists Group (ECR), European United Left, Nordic Green Left (GUE/NGL) and the Greens, European Free Alliance (Greens/EFA) – participated in the individual, customised training sessions.

The goal of the training sessions is to give MEPs and their assistants an overview on why protecting their privacy is important, both from personal and political reasons. We explained the potential risks to their privacy in different environments, and how to assess probable threats. The objective was to also offer them a selection of practical tools to improve the privacy of their private and professional communications.

The training sessions were tailored according to each participant’s level of previous knowledge as well as their interests, and the topics included encryption, anonymous browsing, risks when using smart phones and instant messaging. Besides sharing theoretical knowledge and suggesting different solutions for the participants’ needs, some tools were explained to them also in practice. For example memory sticks with the Tails operating system were given out for “testing”, and email encryption tools installed and configured to personal computers. A “menu” of privacy options was offered to participants, including a big choice of starters, main courses and desserts, similar to the Privacy Cafés run by EDRi-member Bits of Freedom.

From the point of view of privacy and secure communications, there is a lot to improve in the EP; default solutions offered for browsing the Internet, sharing documents and sending internal emails are often not privacy friendly, and installing privacy enhancing software or plugins to the computers is made difficult or impossible – which the leads to MEPs using private devices and insecure solutions instead. To increase awareness of privacy issues within the EP, and to introduce better practices, training sessions have been planned with more MEPs, and EDRi will be following up, offering further support and advice to the participants of the trainings that already took place.

If you are working in the EU Parliament and interested in the training sessions, please contact us via: VIP-training(at)edri.org

Privacy training Menu:
https://edri.org/wp-content/uploads/2013/09/Privacy_training_menu.png

Bits of Freedom’s Privacy Café
https://privacycafe.nl/

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
14 Jan 2015

EDRi’s work in 2014

By Kirsten Fiedler

EDRi continued to go to strength in 2014, with a hugely significant victory on net neutrality in the European Parliament and an innovative and successful campaign to raise the profile of our issues in the elections in May.

Our successes last year built on a strong development of the organisation in recent years. Since 2009, European Digital Rights has undergone major changes and evolved from a decentralised alliance with no staff to a growing organisation that is expanding its work and influence at the end of 2014.

Our annual report gives an overview how we continued to strengthen and focus the activities of the digital rights activist community in Europe and maximise the opportunities to campaign with a single voice. If you don’t have the time to read a long pdf, this post gives you a brief overview of what we’ve been doing in 2014.

Information technology has a revolutionary impact on our society. The threats and opportunities for our enjoyment of our democratic freedoms are growing exponentially – faster than our resources. The past year has shown how developments in the digital sector boosted freedom of communication and democracy but have also led to new approaches to surveillance. They are increasingly used to impose restrictions on fundamental rights. Our role is therefore to ensure that citizens’ rights and freedoms in the online environment are respected whenever they are endangered by the actions of political bodies or private organisations. In order to be able to continue our fight, we launched a fundraising campaign at the end of 2014.

You can read our annual report here (pdf), check last year’s finances and complete press review of 2014.

Copyright
Net neutrality
Data protection and privacy
Surveillance
The Transatlantic Trade and Investment Partnership (TTIP)
European elections: Your elected digital rights superheros
Privatised enforcement and the rule of law

What we have achieved in 2014

EDRi_2014_timeline_3
For full size click here

Copyright


 

  • We facilitated direct citizen participation in the democratic processes of the EU. Our answering guide for citizens on youcan.fixcopyright.eu and work with the Copyright 4 Creativity coalition lead to over 11,000 replies to the EU Commission’s copyright consultation.
  • We successfully persuaded the IP Observatory to abandon its biased report on copyright infringements in the digital world.
  • We are continuing to fight to ensure a good outcome of the “voluntary measures” study by the Observatory.
  • We carried the message for reform to policy-makers at several high-profile conferences, such as the European Voice conference on “Copyright 2015”.
  • Among others, our efforts were mentioned by: EurActiv, TorrentFreak, TechDirt.

Net neutrality


 

savetheinternet

STEeu-parliament
SaveTheInternet in front of the EU Parliament,
1 April 2014 with MEPs Weidenholzer (S&D),
Lange (S&D), Ernst (GUE/NGL) and Hirsch (ALDE)
photo by campact

Data protection and privacy


 

  • In March, we published analysis of the European Parliament’s vote on the LIBE committee’s report which represented another crucial step towards protecting European right to privacy.
  • Our comments on current data protection events were quoted in several international online publications (for ex. NPR, Intellectual Property Watch).
  • In February, EDRi provided input to a conference of the Green party in Helsinki on the topic of corporate lobbying against the EU data protection reforms.
  • We successfully campaigned for an amendment (42a new) to the Data Protection Regulation banning the unauthorised export of personal data for law enforcement purposes.
  • Together with other NGOs, we sent a letter (pdf) to Google’s Advisory Council on the so-called “right to be forgotten” and took part in a high level conference on this topic.

Surveillance: Data retention and passenger name records


 

  • On 8 April, European Court of Justice decided that the Data Retention Directive, an EU legislation on mass surveillance, contravenes European law, thanks to a case brought by EDRi-member Digital Rights Ireland and AK Vorrat Ireland. EDRi and its member organisations provided considerable analytical support for the case over several years.
  • The European Parliament report on mass surveillance includes a seven point action plan, “European Digital Habeas Corpus” which we will follow in the coming months.
  • After a short and fierce campaign, we achieved a major victory for civil liberties with regard to ongoing Passenger Name Record (PNR) initiatives. In November 2014, we campaigned in favour of a resolution for a referral to the EU Court of Justice (CJEU) which was adopted with a substantial majority. The EU-Canada agreement on the transfer of PNR will now be tested for its compatibility with the EU treaties and Charter of Fundamental Rights.

The Transatlantic Trade and Investment Partnership (TTIP)


 

  • The European Commission organised a public consultation on investor-state dispute settlement (ISDS) which they would like to include in TTIP and other trade agreements. In order to help citizens and other civil society organisations respond, EDRi created an extensive answering guide for the consultation (online form) and submitted its answer (pdf).
  • We also provided a detailed response to the European Ombudsman’s consultation on transparency of the TTIP negotiations (pdf) and welcomed her initiatives to open investigations on both the European Commission and the Council of the European Union to ensure that transparency and public participation in TTIP negotiations.
  • On 14 and 15 July, EDRi co-organised a civil society strategy meeting in Brussels.

European elections: Your elected digital rights superheros


 

dataviz-signons

  • 83 candidates that signed the Digital Rights Charter were elected Members of the European Parliament, you can access the list here.
  • Citizens and organisations from all over Europe will now be able to hold these Parliamentarians accountable on the basis of their promise to defend digital rights
  • In April, we organised an event on digital rights and the EU elections in the Parliament which gained support from across the political spectrum, speakers were: Pavel Zalewski (EPP, Poland), Marietje Schaake (ALDE, NL), Josef Weidenholzer (S&D, Austria) and Christian Engström (Greens/EFA, Sweden)
  • Between January and May, our campaign was frequently mentioned in the press and international blogs, such as BoingBoing, Le Monde Diplomatique and Süddeutsche Zeitung.
  • You can access our complete press review for the year 2014 here.
  • We published a booklet (pdf) explaining the Digital Rights Charter and distributed it to all Members of the European Parliament.

Privatised enforcement and the rule of law


 

  • As a result of our advocacy work and public campaigning, the draft text for voluntary blocking/filtering measures in the “Telecoms single market” proposal was removed by a majority the EU Parliament in April 2014.
  • We continued to raise awareness for this issue and to criticise initiatives, relevant proposals in international agreements.
  • We published a new booklet “Human Rights and privatised law enforcement”, which is available at https://edri.org/papers
  • We highlighted the problems in the outcome document of the NETmundial conference which called for private policing via “cooperation among all stakeholders (…) to address and deter illegal activity, consistent with fair process.”
  • We initiated and spoke on a panel at the RightsCon 2014 discussing privatised enforcement and corporate censorship (YouTube).
close
13 Jan 2015

Privacy Camp: Big data and ever increasing state surveillance

By Kirsten Fiedler

cropped-cpdp_pre-event_banner_1120x252px_21

As every year, EDRi is co-organising a privacy camp for civil society as a warm-up event for the CPDP conference. The event will discuss big data and every increasing state surveillance and the sessions will focus on privacy and data protection challenges and possibilities in Europe.

It will take place on Tuesday, 20 January 2015 in Brussels. Please check the event page for the agenda and further details on Privacy Camp Brussels.

The event will bring together digital rights advocates, members of NGOs and civil rights groups from all around Europe and beyond to discuss the problems currently facing human rights online and develop strategies to address the key challenges.

This year’s program will kick off with a roundtable discussion on demystifying big data. Big data has become the biggest buzzword of 2014. Researchers in a variety of fields have started analysing ever larger data sets. While this “big data” can be used for the social good, that it can help find cure for diseases and to protect our environment, there are also major concerns that such analysis could usher in a new wave of medical and social inequality and discrimination. What are the challenges for society with regard to surveillance and fundamental rights? What is Europe’s role in all this and how can civil society address these challenges?

The opening session will be followed by debates and strategy workshops on data retention, flight passenger data retention (EU PNR) and on the EU-US trade agreement (TTIP) negotiations in the wider context of transatlantic data flows. The event will end with a meeting between privacy advocates and surveillance studies scholars.

Please R.S.V.P by no later than 17 January to imge.ozcan(at)vub.ac.be and note that non-NGO participation is by invitation only – participation is free of charge. The event is co-organised by EDRi, Vrije Universiteit Brussel, Université Saint Louis, IRISS, LSTS and CPDP.

close
17 Dec 2014

Irish surveillance legislation: secret interpretations of secret laws

By Joe McNamee

A few weeks after introducing lawless internet blocking in Ireland, Minister for Justice Frances Fitzgerald took her assault on the rule of law to another level. On 26 November 2014, she introduced into national law – by means of a “Statutory Instrument” (SI, an executive power that does not require any parliamentary discussion) – new powers that allows foreign law enforcement authorities to intercept Irish e-mails and phone calls. It also allows the Irish authorities to request tapping in foreign jurisdictions. The power to adopt the SI derives from legislation on mutual assistance adopted in 2008.

The measures, having remained dormant for six years, were signed into law by Minister Fitzgerald. They came into force the day after documents were published in Der Spiegel, indicating that the British intelligence agency had been tapping undersea communications for many years. Despite these revelations, and the wider damage to citizens’ rights and freedoms caused by the practices uncovered by the Snowden revelations, Minister Fitzgerald did not feel that it was necessary to consult Parliament again. Indeed, she did not even consider it necessary to make a public statement on the SI, choosing instead to quietly sign it into law.

By doing so, there has been no parliamentary debate, there has been no public debate. If the measure was necessary and proportionate, when it was adopted in 2008, why was it somehow not necessary to actually pass it into law until 2014? What was the advantage of avoiding a public debate? The Minister’s explanation that the measure was needed in order to comply with European obligations implies that she does not believe that such far-reaching powers are actually necessary – and therefore that Ireland is being forced into a breach of international law by its European obligations. It is worrying that this happened just six months after the European Court ruled that the EU’s Data Retention Directive was illegal under EU law. The ruling means that EU Member States had been coerced by the European Commission into breaking the law, in the name of law enforcement.

EDRi member Digital Rights Ireland (DRI) has been highly critical of the measures, particularly with regard to the use of secret courts, which are a novel measure from an Irish legal perspective and raise significant concerns for predictability. According to DRI Chairman TJ McIntyre, a minister should not be in a position where he or she can order compliance with secret orders, and where the companies subject to orders are not able to publicly state their objections, or even that they are the subject of an order. “It’s worrying because it means telecommunications companies might be pressured into doing things that aren’t entirely legal,” he is quoted as saying.

Help us fight against surveillance, donate now:

Print

Irish Times “State sanctions phone and email tapping” http://www.irishtimes.com/business/technology/state-sanctions-phone-and-email-tapping-1.2027844

Irish times “Surveillance by a Government-sponsored secret system” http://www.irishtimes.com/business/technology/surveillance-by-a-government-sponsored-secret-system-1.2033443

close
17 Dec 2014

EDRi paper for the Council of Europe: “Human Rights Online”

By Guest author

EDRi drafted an expert paper on “Human Rights Violations Online” to offer a practical backdrop to the Guide to Human Rights for Internet users adopted by Council of Europe on 16 April 2014. The Guide informs readers about what online rights and freedoms mean in practice, how they can be relied and acted upon and how to access remedies. It is meant to be actively promoted by Member States of the Council of Europe among their citizens, public authorities and private sector.

As highlighted in the Guide, it does not establish new human rights and fundamental freedoms, but builds on existing human rights standards and enforcement mechanisms. It focuses on the following fundamental rights and freedoms that must be effectively exercised online: 1) access and non-discrimination; 2) freedom of expression and information; 3) assembly, association and participation; 4) privacy and data protection; 5) education and literacy; 6) rights of children and young people; 7) effective remedies.

The paper issued by EDRi accompanies the Guide and highlights examples of challenges for human rights online by focusing on relevant case studies and issues that might affect fundamental rights and freedoms of internet users: the arbitrary and extra-judicial removal of internet access as a sanction to allegedly illegal downloading, state-imposed “self-”regulation and monitoring/filtering obligations on internet service providers, preventive surveillance measures justified by vague notions of “national security”, blocking of websites and access to cultural heritage, and blanket restrictions to the content online due to the excessive child protection measures.

The leitmotif of EDRi’s paper is the role of intermediaries in the implementation of human rights online and difficulties to redress when rights are being excessively or arbitrarily restricted by private sector. The paper argues that there appears to be a consistent problem in asserting rights when restrictions on the fundamental rights are imposed “voluntarily” (in practice by direct governmental pressure) and implemented by corporations in the absence of a clear legal obligation. States are often directly encouraging “self-regulatory” restrictions on rights outside of the rule of law that are based on vague and unclear terms of service. This situation is clearly contrary to basic principles of human rights law, particularly the requirements for restrictions to be prescribed by law, necessary in democratic society and proportionate. In practice, however, a private company, such as a social network provider or a search engine, is generally the ultimate arbiter and decision-maker over the “reasonable” balance between different fundamental rights, with its decision being dependent on the fear of facing liability or public relations damage in case of not monitoring, not filtering, not blocking or not deleting the disputed content. The outcome of such decision-making is not effective, proportionate or independent.

EDRi’s paper concludes that, states should not delegate their functions, especially their human rights obligations, to the private sector. The liability of internet intermediaries is not a solution to issues such as child abuse, child protection, terrorism, hate speech or defamation, especially when the counterbalance to the actions taken by intermediaries is absent and one interest is disproportionately prioritised over the other.

We would like to thank the Child Rights Information Network (CRIN) for the preparing the chapter on Children and Young People.

Print

CoE Human Rights Violations Online, drafted by European Digital Rights DGI(2014)31 (4.12.2014): https://edri.org/files/EDRI_CoE.pdf

Recommendation CM/Rec(2014)6 of the Committee of Ministers to member States on a Guide to human rights for Internet users (16.4.2014): https://wcd.coe.int/ViewDoc.jsp?id=2184807

Recommendation CM/Rec(2014)6 of the Committee of Ministers to member States on a guide to human rights for Internet users – Explanatory Memorandum (16.4.2014): https://wcd.coe.int/ViewDoc.jsp?Ref=CM%282014%2931&Language=lanEnglish&Ver=addfinal&Site=CM&BackColorInternet=C3C3C3&BackColorIntranet=EDB021&BackColorLogged=F5D383

Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework (2011): http://www.ohchr.org/Documents/Publications/GuidingPrinciplesBusinessHR_EN.pdf

(contribution by Polina Malaja, EDRi trainee)

close
17 Dec 2014

EDRi participates in UNESCO study on Internet related issues

By Guest author

UNESCO ran a major consultation on “Internet related issues” which closed on November the 30th. The areas covered were fourfold: access to information and knowledge, freedom of expression, privacy, and ethical dimensions of the information society. While the scope of this consultation was breathtakingly broad, UNESCO should be applauded for at least acknowledging that all these topics are related and relevant for policy-makers in the internet age.

In its response, EDRi has largely focused on the intersection of freedom of expression and privacy and less so on the wider ethical questions of the information society posed by the consultation. This was not because we feel that there are none, or that they aren’t relevant, but simply because the broadness of the consultation exceeded our ability to answer all of the questions to the level of detail needed to do them justice.

Print

Our response can be found here (28.11.2014): https://edri.org/wp-content/uploads/2013/09/20141128_EDRi_UNESCO_consultation.pdf

Also valuable reading EDRi member Article 19’s response: https://edri.org/wp-content/uploads/2013/09/UNESCO-questionnaire-A19-response-FINAL-28112014.pdf

(Co-author of EDRi’s input to the UNESCO study: Maria Świetlik, Internet Society Poland;
EDRi-gram contribution by Walter van Holst, EDRi-member Vrijschrift, The Netherlands)

close