freedom of expression

Freedom of expression is one of the key benefits of the digial era. The global information society permits interaction on a scale that was previously unheard of – promoting intercultural exchange and democracy. Consequently, the protection of this freedom is central to much of EDRi’s work.

28 May 2015

Parliament Committee adopts a disappointing position on TTIP

By Heini Järvinen

The European Parliament’s Committee on International Trade (INTA) adopted this morning a position on the planned “Transatlantic Trade and Investment Partnership” (TTIP) between the United States and the European Union.

“We are delighted with the campaigning activity surrounding this vote,” said Joe McNamee, Executive Director of European Digital Rights. “It is clear that Europe’s citizens will not accept any agreement that prioritises short-term economic interests over fundamental rights. Even if we did not get the outcome we wanted, civil society has made its voice heard. The campaign will be one hundred times bigger when it comes to the real vote – the European Commission and Parliament know this and we are confident that the message is slowly being understood – citizens concerns must be taken into account.”

Current negotiations cover tariffs, standards in a wide range of industrial and service sectors, “regulatory cooperation” for future legislation and the setting up of an “Investor-state dispute settlement ” (ISDS) mechanism, which allows companies to sue governments in front of private arbitral courts. TTIP goes far beyond normal Free Trade Agreements (FTAs), as it contains provisions on standards and legislative harmonisation. This will have an impact on a number of other fields, such as data protection, copyright and surveillance, which could pose a threat to digital civil rights.

We welcome the position INTA took on human rights clauses, and its call for improved transparency, even if they still fail to call for a transparency-by-default approach. The Committee’s acknowledgement of the EU Ombudsman’s position on this issue is also to be welcomed.

However, INTA failed to take a strong position in a number of issues. On ISDS, the Committee’s position does not reflect citizens concerns, nor the advice of their colleagues from the Legal Affairs Commitee (JURI). The same applies to the text adopted on copyright, which is misleading and also fails to take the JURI advice into account.

Finally, on data protection, the position of INTA failed to fully respect the views of the Parliament’s Civil Liberties Committee, which said that data protection standards must not be negotiated in trade agreements.

In the run-up to today’s vote, several parliamentary Committees adopted far more balanced and critical opinions on TTIP. This means that the balance of views in the Parliament are not reflected in today’s outcome. We call on the 751 Members of the European Parliament not to turn their backs on citizens. Vote in Plenary is scheduled for 10 June.

Read more here:
TTIP Resolution: document pool
Infographic: TTIP Resolution
EDRi’s red lines on TTIP
The Lobbyists’ Charter
Legal Affairs Committee: ISDS and IPR must be excluded from TTIP
Data protection and privacy must be excluded from TTIP
Compromise amendments

Twitter_tweet_and_follow_banner

close
26 May 2015

Parental Controls: Lawless blocking/filtering as part of “net neutrality”?

By Joe McNamee

At the request of the United Kingdom, the Council of the European Union, the European Commission and European Parliament appear ready to adopt – in the context, ironically, of measures that are supposed to protect net neutrality – provisions which are meant to allow UK-style blocking and filtering across Europe.

This approach was opposed in its entirety by the Parliament in its first reading report on the Telecoms Single Market Regulation and would represent a complete failure of the Parliament to defend the opposite.

The dangers of the British approach to “parental controls” are shown by this infographic (PDF), which EDRi sent to the Parliament negotiators and key MEPs to clarify the issues at stake.

Parental controls – arbitrary blocking of legal content

Parental controls are a functionality which allow a parent to configure their internet connection to suit their own values and the educational development of their children. As they are configured by the parent and not turned on by default, they are entirely irrelevant to net neutrality legislation.

The UK approach is fundamentally different. It is best described by the GSM Association, which foresees a far more intrusive approach, which ignores the development of the child. It treats all users as children by default and the default can only be changed if the user goes in person to the providers shop in order to ask for an “adult” service (i.e. not a random “child” setting). The GSM Association explains the process as follows:

“Example_Operator categorises all customers as either ‘child’ (the default) or ‘adult’. The customer must present credentials to the retail store to achieve ‘adult’ categorisation. User Ch is a ‘child’ and user Ad is an ‘adult’ connected to the Example_Operator network.” Source: http://www.gsma.com/newsroom/wp-content/uploads/WWG-04-v1-0.pdf

Implementing legislative provisions – arbitrary blocking of content that might be illegal

The Commission initially proposed – in clear contradiction to its obligations under the Charter of Fundamental Rights of the European Union – that internet providers should be able to block or filter traffic on an entirely arbitrary basis to “prevent or impede” “serious crime”, with no definition of what crimes it might be talking about. This was rejected by the Parliament, while even the Council pointed out that this appeared

“to raise certain legal issues relating to the Charter of Fundamental Rights of the European Union and/or the 2002/58 ePrivacy Directive, including with respect to confidentiality of communications”.

(Council text of 20 January 2015)

Deliberately ambiguous legislation – better regulation?

No clarification of the legal issues was made and the approach from the Council and Commission is to propose deliberately and obviously ambiguous text (which is hardly a good start for the “better regulation” agenda). We are now left with text that can be interpreted to mean anything:

“These matters remain thus subject to Union legislation or national legislation in compliance with Union law, including measures giving effect to such Union or national legislation (for example, court orders, administrative decisions or other measures implementing, applying or ensuring compliance with such legislation).”

(Council text of 22 May 2015)

The most recent compromise-free text from the Council also contains a baffling text that helpfully tells internet users that they “should” respect the law if the law prohibits them from accessing certain content:

If those measures prohibit end-users to access unlawful content (such as, for example, child pornography), end-users should abide by those obligations by virtue of and in accordance with that Union or national law.

(Council text of 22 May 2015)

Will the Parliament really capitulate and allow these proposals to be adopted? We will find out in the next few weeks.

Net neutrality – is the European Parliament ready to accept complete failure? (25.05.2015)
https://edri.org/net-neutrality-fail/

Net neutrality: document pool II (updated on an ongoing basis)
https://edri.org/net-neutrality-document-pool-2/

Parental controls Infographics (pdf)
https://edri.org/files/blocked_infographics.pdf

blocked_infographics_small

Twitter_tweet_and_follow_banner

close
25 May 2015

Net neutrality – is the European Parliament ready to accept complete failure?

By Joe McNamee

After an overwhelming vote in favour of net neutrality by the European Parliament in April 2014, this position in favour of free speech, competition and innovation is now in danger.

The negotiations between the European Parliament (the only directly-elected institution of the European Union) and the Council of the European Union (“the Council,” representing the EU Member States) are part of a legislative proposal on net neutrality and mobile roaming. In principle, both institutions have equal power (“codecision”), although the Parliament can obviously claim a degree of democratic legitimacy. Before the last European Parliament election, a large majority in the Parliament adopted a strong text in favour of net neutrality (its so called “first reading”).

Negotiations (a so-called “trialogue” procedure) involving the Council, the European Commission and the Parliament started in March 2015. In these negotiations, the Council has shown no respect whatsoever for the European Parliament’s position. The only movement in the negotiations on any of the points in the proposal has involved concession after concession by the European Parliament, which has received absolutely nothing in return. The result is that we are now potentially days away from an end to net neutrality in the European Union.

The Council has refused to negotiate on the basis of the Parliament’s agreed position. As a result, the Parliament conceded and produced a compromise text based on the Council’s proposal. The following is a summary of the developments so far (the numbering below is based on the Council’s most recent text), based on a confidential proposal sent by the Council to the Parliament on 22 May, 2015.

Article 1 (Scope): The Parliament’s first reading adopted an expansive article on scope, including measures to “facilitate the practical exercise of the right of citizens and businesses to access competitive, secure and reliable electronic communications services”.

In contrast, the proposal for Article 1 in the Council’s most recent proposal only (undefined) “open internet access”.

Summary: Complete rejection of Parliament’s position

Article 2 (Definitions): The Parliament’s first reading adopted a definition of “net neutrality” and included a reference to the principle of net neutrality in the definition of “internet access service”. The Council’s text avoids all mention of net neutrality.

Summary: Complete rejection of Parliament’s position

Article 3 (Safeguarding of open internet access)

The Council includes text on non-discrimination, but only in relation to the implementation of exceptions (for court orders, network security, etc). The Parliament’s first reading text was more comprehensive, prohibiting internet access service providers from discriminating “between functionally equivalent services and applications”.

Summary: Rejection of core element of Parliament’s position

Article 3, Paragraph 1
: The Council includes text “clarifying” that illegal information, content, applications and services are illegal. Without this superfluous reference, EU and national law would clearly be applicable in any case. As this text is entirely unnecessary, the Parliament had deleted it in first reading.

Summary: Complete rejection of Parliament’s position

Article 3, Paragraph 2: The Council’s text gives internet access services providers open-ended rights to offer discriminatory services to end-users. The only safeguard in the text is that end-user’s choice and the right to access and distribute information should not be limited. The Parliament’s first reading said that such access must “not discriminate between functionally equivalent services and applications”. As late as January of this year, the Council contemplated giving Member States the right to ban price discrimination, before deciding to opt to allow all forms of anti-competitive, anti-free speech, anti-innovation discrimination.

Summary: The Parliament’s position that would prohibit discriminatory services is rejected.

Article 3, Paragraph 3 a: The Council proposes ambiguous text saying that, in addition to measures taken to implement court orders or orders by competent authorities, it should also be possible for internet providers to take “measures giving effect” to Union or national legislation. This suggests some form of voluntary and arbitrary censorship, which would be in contradiction to Article 52 of the Charter of Fundamental Rights. Confirmation of the legally dubious nature of this approach can be found in a Council document published in January 2015, which stated that this “may raise legal concerns vis-à-vis the Charter of Fundamental Rights and the e-Privacy Directive”. To our knowledge, no legal analysis was ever produced to address these concerns.

The Parliament’s first reading simply said, in line with the Charter, that restrictions on internet traffic by internet service providers should be implemented if complying with a court order.

Summary: Complete rejection of Parliament’s position and violation of Article 52 of the Charter.

Article 3, Paragraph 3 b: Preserving the integrity and security of the network. This is unchanged in texts from all institutions.

Summary: No change

Article 3. Paragraph 3 c: The Council text provides an exception for traffic management imposed in relation to congestion that is either exceptional or temporary (implicitly acknowledging that regular, but temporary, congestion is acceptable). The Parliament’s first reading said that this exception should only cover congestion which was both temporary and exceptional.

Summary: Complete rejection of Parliament’s position

Article 3. Paragraph 3 d: Neither e-mail filters and parental controls software are relevant for this legislation, as they are not directly part of the internet access service. In it is initial position, the Council said that an (unnecessary) exception could be offered if these services were explicitly requested by the end user. This was then weakened to cover situations where this was simply consented to by the end-user (in the small print of the contract the user signs up to for example). As this entire provision is redundant, the Parliament deleted it in its first reading.

Summary: Complete rejection of Parliament’s position

Article 3. Paragraph 4: The Council’s text states that the Article must only entail measures that are necessary and proportionate to achieve the objectives of Article 3 and that they must be in line with data protection legislation. However, the new text on “other measures” and parental controls have no stated or obvious objectives (the “objective” is to offer these services), leading to this paragraph now being logically incoherent, in contradiction to the Parliament’s first reading text.

Summary: Complete rejection of Parliament’s position

Article 3. Paragraph 5: The Council’s text foresees the provision of “optimised services”, with no obligation that be offered on a non-discriminatory basis. The only safeguards are that they are not substitutable (without providing a definition) and that they do not interfere with the quality of internet access for other end-users (i.e. they can interfere with the quality of internet access for the end user availing of these “optimised services”) – in obvious contradiction to the requirement that they not be substitutable for internet access services. In contrast, the Parliament’s first reading had a clear non-discrimination principle, based on its definition of “specialised services”.

Summary: Complete rejection of Parliament’s position

Conclusion

  • From an institutional and democratic perspective, it is completely unacceptable to have the European Parliament’s position overturned in this way.
  • From the perspective of freedom of communication and respect for the Charter, it is unacceptable to replace the open internet with a network that permits discrimination and arbitrary interferences with data traffic.
  • From an economic perspective, after the US Federal Trade Commission adopted measures to permit effective protection for net neutrality, the competitive damage for European innovators and start-ups will be enormous.

    The Parliament must assert itself more strongly.

    close
  • 20 May 2015

    EDRi-gram 300: Digital rights news from 2025

    By Kirsten Fiedler

    We are proud to present the 300th edition of the EDRi-gram as an eBook entitled “Digital rights news from 2025″!

    EDRi-gram300_blogpost1

    Since 2003, the EDRi-gram is reporting on developments across Europe to raise awareness of attacks on freedom of expression and privacy as well as to highlight good news and best practice. The EDRi-gram publishes free speech and privacy advocates’ media stories from across Europe every two weeks. EDRi’s members, observers and guest authors frequently contribute with reports and analysis from their home countries.

    To celebrate our 300th edition, we have collected articles from the brightest stars in the digital rights universe. In the articles, they imagine what they will be writing about in 2025.

    Editors: Joe McNamee, Kirsten Fiedler, Heini Järvinen

    With contributions by: Dunja Mijatović, Hans de Zwart, Simon Davies, Jillian C. York, Cory Doctorow, Katarzyna Szymielewicz, Joe McNamee, Jesper Lund, Kirsten Fiedler, Erich Moechel, Raegan MacDonald, Estelle Massé, Douwe Korff, Bogdan Manolea, Monica Horten and Annie Machon.

    The anniversary edition is available in various formats, including a DRM-free ebook (.epub ), a .pdf version and is published under a CC-by-sa licence on our website and on all major retailers worldwide.

    Get your copy:

    EDRi-gram300_blogpost2

    EDRi-gram_subscribe_banner

    Twitter_tweet_and_follow_banner

    close
    19 May 2015

    Open Letter to Mark Zuckerberg: Internet.org vs. Net Neutrality, Privacy and Security

    By Maryant Fernández Pérez

    On 18 May 2015, EDRi signed a joint open letter together with other 64 civil society organisations expressing concerns about Internet.org and asking Facebook’s CEO Mark Zuckerberg to defend Net neutrality, Privacy, Security and other rights in relation to Internet.org. You can read the letter below:

    Dear Mark Zuckerberg,

    We, the undersigned, share a common concern about the launch and expansion of Facebook’s Internet.org platform and its implications for the open Internet around the world. On that open Internet, all content, applications and services are treated equally, without any discrimination. We are especially concerned that access for impoverished people is construed as justification for violations of net neutrality.

    It is our belief that Facebook is improperly defining net neutrality in public statements and building a walled garden in which the world’s poorest people will only be able to access a limited set of insecure websites and services. Further, we are deeply concerned that Internet.org has been misleadingly marketed as providing access to the full Internet, when in fact it only provides access to a limited number of Internet-connected services that are approved by Facebook and local ISPs. In its present conception, Internet.org thereby violates the principles of net neutrality, threatening freedom of expression, equality of opportunity, security, privacy and innovation.

    We support the goal of bringing affordable Internet access to the two-thirds of the world who currently lack it. Many of us have been working for years on initiatives to bridge the digital divide, such as building Internet access facilities in public libraries and telecentres, supporting community broadband, local telecom ventures, public investment in broadband infrastructure, making websites and services more accessible to people with feature-phones and more. We have always sought to provide non-discriminatory access to the full open Internet, without privileging certain applications or services over others and without compromising the privacy and security of users.

    Internet.org appears to be taking another route.

    In a May 4 video, you announced new rules pertaining to Internet.org and argued that net neutrality and Internet.org are not in conflict. However, on the accompanying website, the new rules explicitly state that “websites must be properly integrated with Internet.org to allow zero rating.”

    Below we articulate our concerns about the current structure and implementation of Internet.org:

    • Net neutrality: Net neutrality supports freedom of expression and equality of opportunity by enabling people to seek, receive and impart information, and to interact as equals. It requires that the internet be maintained as an open platform on which network providers treat all content, applications and services equally, without discrimination. An important aspect of net neutrality states that everyone should be able to innovate without permission from anyone or any entity. We urge Facebook to assert its support for a true definition of net neutrality in which all applications and services are treated equally and without discrimination — especially in the majority world, where the next three billion Internet users are coming online — and to address the significant privacy and security flaws inherent in the current iteration of Internet.org.
    • Zero rating: Zero rating is the practice by service providers of offering their customers a specific set of services or applications that are free to use without a data plan, or that do not count against existing data caps. This practice is inherently discriminatory — which is why it has been banned or restricted in countries such as Canada, the Netherlands, Slovenia and Chile. Zero rating is currently Internet.org’s basic model: Facebook is partnering with ISPs around the world to offer access to certain Internet applications to users at no cost. These agreements endanger freedom of expression and equality of opportunity by letting service providers decide which Internet services will be privileged over others, thus interfering with the free flow of information and people’s rights vis-a-vis networks.
    • Nomenclature: Internet.org misleadingly labels zero-rated applications the “Internet,” when in fact users only receive access to a tiny portion of it. The project acts as a “walled garden” in which some services are favored over others — again, a violation of net neutrality.
    • Freedom of expression: The project raises other freedom of expression risks. The censorship capability of Internet gateways is well established — some governments require ISPs to block access to sites or services. Facebook appears to be putting itself in a position whereby governments could apply pressure to block certain content, or even, if users must log in for access, block individual users. Facebook would find itself mediating the real surveillance and censorship threats to politically active users in restrictive environments. The company should not take on this added responsibility and risk by creating a single centralized checkpoint for the free flow of information.
    • Privacy: We are very concerned about the privacy implications of Internet.org.Facebook’s privacy policy does not provide adequate protections for new Internet users, some of whom may not understand how their data will be used, or may not be able to properly give consent for certain practices. Given the lack of statements to the contrary, it is likely Internet.org collects user data via apps and services. There is a lack of transparency about how that data are used by Internet.org and its telco partners.Internet.org also provides only a handful of applications and services, making it easier for governments and malicious actors to surveil user traffic.
    • Security: The current implementation of Internet.org threatens the security of users. The May 4 update to the program prohibits the use of TLS (Transport Layer Security), Secure Socket Layer (SSL) or HTTPS encryption by participating services. This inherently puts users at risk, because their web traffic will be vulnerable to malicious attacks and government eavesdropping.
    • Two-tiered Internet: The economic boom and revolution in connectivity that the Internet created in developed countries needs to be shared equally with the next three billion people. Internet.org’s model — giving users a taste of connectivity before prompting them to purchase pricey data plans — fails to acknowledge the economic reality for millions of people who can’t afford those plans. These new users could get stuck on a separate and unequal path to Internet connectivity, which will serve to widen — not narrow — the digital divide.Facebook, in its stated intentions to connect billions to the Internet, should strongly support and advocate for safeguarding the principle of net neutrality, privacy, security and other user rights in its discussions with national governments and regulators, while also applying these standards to its business initiatives.

    Signed,

    18MillionRising.org – US
    Access – Global
    Ageia Densi Colombia – Colombia
    Baaroo Foundation – Netherlands
    Bits of Freedom – Netherlands
    Center for Media Justice – US
    Centre Africain D’Echange Culturel (CAFEC) – Democratic Republic of Congo
    Coding Rights – Brazil
    Coletivo Intervozes – Brazil
    Colnodo – Colombia
    ColorofChange.org – US
    Community Informatics Network – Global
    Data Roads Foundation – Global
    Digital Rights Foundation – Pakistan
    Digitale Gesellschaft – Germany
    European Digital Rights (EDRi) – EU
    Fight for the Future – US
    Förderverein freie Netzwerke e.V. / freifunk.net – Germany
    Free Press Unlimited – EU
    Fundacion Karisma – Colombia
    Fundacion para la Libertad de Prensa – Colombia
    Future of Music Coalition – US
    Global Voices Advocacy – Global
    Greenhost – Netherlands
    i freedom Uganda – Uganda
    ICT Watch – Indonesia – Indonesia
    Initiative für Netzfreiheit – Austria
    Instituto Bem Estar Brasil – Brazil
    Instituto Beta para Internet e Democracia – IBIDEM – Brazil
    Instituto NUPEF – Brazil
    Integrating Livelihoods through Communication Information Technology for Africa – Uganda
    International Modern Media Institute – Iceland
    Internet Policy Observatory Pakistan – Pakistan
    IPANDETEC – Panama
    IT for Change – India
    IT-Pol Denmark – Denmark
    Just Associates Southern Africa – Africa
    KICTANet – Kenya
    Korean Progressive Network Jinbonet – South Korea
    Media Alliance – US
    Media Matters for Democracy (Pakistan) – Pakistan
    Media Mobilizing Project – US
    MediaNama – India
    Movimento Mega – Brazil
    Open Wireless Network of Slovenia – Slovenia
    OpenMedia – Global
    Paradigm Initiative Nigeria – Nigeria
    Popular Resistance – US
    Protege Qv – Cameroon
    Red en Defensa de los Derechos Digitales (R3D) – Mexico
    RedPaTodos – Colombia
    RIght 2 Know Campaign – South Africa
    RootsAction.org – US
    Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC) – Canada
    SavetheInternet.in – India
    Savvy System Designs – US
    Southeast Asia Freedom of Expression Network/Safenet – Southeast Asia
    TEDIC – Paraguay
    The Agency League of Musicians – US
    The Heliopolis Institute – Egypt
    The Media Consortium – US
    Unwanted Witness – Uganda
    Usuarios Digitales – Ecuador
    Vrijschrift – Netherlands
    WITNESS – Global
    xnet – Spain
    Zimbabwe Human Rights NGO Forum – Zimbabwe

    Twitter_tweet_and_follow_banner

    close
    11 May 2015

    Digital rights at re:publica 2015

    By Heini Järvinen

    The re:publica 2015, one of the biggest digital culture conferences in the world, took place on 5-7 May in Berlin, Germany. Many EDRi members and observers contributed to this year’s event motto “Finding Europe”. We have therefore collected the most exciting talks from our network:

    Internet censorship around Europe since ACTA (in English)

    Joe McNamee & Kirsten Fiedler, European Digital Rights

    Disrupting the Surveillance Ecosystem (in English)

    Jérémie Zimmermann, La Quadrature du Net; Raegan MacDonald, Access; Parker Higgins, Electronic Frontier Foundation

    The NSA are not the Stasi: Godwin for mass surveillance (in English)

    Cory Doctorow, Electronic Frontier Foundation

    Who is more real: me or my digital profile? (in English)

    Katarzyna Szymielewicz, Panoptykon Foundation

    Copyright reform, state of play (in English)

    Walter van Holst, Vrijschrift; Ásta Helgadóttir, IMMI

    Spy Animals! (in English)

    Jillian York, Electronic Frontier Foundation; Claudio Guarnieri

    Finding a European way on internet governance (in English)

    Frederic Dubois, Internet Policy Review; Andrea Calderaro, Institute for Internet & Society; Amelia Andersdotter, Pirate Party (Sweden); Maciej Tomaszewski, DG CONNECT, European Commission; Raegan MacDonald, Access

    Next up on the political agenda: Cybersecurity (in English)

    Anita Gohdes, Uni Mannheim / HRDAG; Becky Kazansky, Tactical Tech; Jillian York, Electronic Frontier Foundation; Cathleen Berger, Federal Foreign Office

    Netzneutralität – Endspurt in Europa (in German)

    Thomas Lohninger, Initiative für Netzfreiheit

    Netzpolitischer Abend des Digitale Gesellschaft e.V. (in German)

    Die Netzgemeinde ist am Ende. Jetzt geht’s los. (in German)

    Markus Beckedahl, netzpolitik.org & Digiges; Leonhard Dobusch, Freie Universität Berlin

    Podcast: Demystifying the algorithm: who designs your life? (in English)

    Hans de Zwart, Bits of Freedom

    close
    06 May 2015

    You can now become an official EDRi Supporter

    By Heini Järvinen

    You don’t have much time but you want to contribute to the fight for your rights and freedoms? We have launched a “Supporter” status for those motivated individuals who want to support our work for net neutrality, strong privacy protections and a reform of copyright rules in Europe.

    All the Supporters receive exclusive updates, and our goodies – for example stickers and bags. The donations are collected monthly via SEPA direct debit mandates. Supporters can choose from four categories: “Valued supporter” (5 euro per month), “Epic supporter” (20 euro per month), “Legendary supporter” (50 euro per month) and “Random supporter” (amount of your own choice).

    Since its creation in 2002, EDRi has been defending and promoting human rights and freedoms in the digital environment, having evolved from being a decentralised alliance with no staff to an influential organisation with a Brussels office and professional staff with standing and credibility in key European policy circles. Today, six full-time employees in the Brussels office are working hard to defend your online rights and freedoms. At the same time, the number of legislative proposals has been continuously increasing, and industry lobbyists in Brussels still have vastly more resources in order to influence EU policy making. Regular contributions are now needed more than ever, to redress the balance, and to keep the voice of civil society heard in the EU decision making.

    If becoming a Supporter feels like too big a commitment, there is a possibility to make a one-off-donation via PayPal, Credit Card, Bitcoin, Flattr or bank transfer. For those who don’t have the means to participate financially, we welcome and greatly appreciate help with translations, as well as distributing our articles, booklets and other material though social networks. If you could consider volunteering, don’t hesitate to contact us by e-mail at brussels(at)edri.org, to find out which would be the best way for you to get involved.

    Become a Supporter
    https://edri.org/supporters/

    Make a one-off-donation
    https://edri.org/donate/

    Donation FAQ
    https://edri.org/donation-faq/

    EDRi-gram_subscribe_banner

    Twitter_tweet_and_follow_banner

    close
    06 May 2015

    Slovakia: Mass surveillance of citizens is unconstitutional

    By Guest author

    Slovakia’s data retention law is now history. On 29 April, the Constitutional Court of the Slovak Republic ruled that the mass surveillance of citizens is unconstitutional. The decision was made in the context of proceedings initiated by 30 Members of the Parliament on behalf of the European Information Society Institute (EISi), a Slovakia-based think-tank.

    In a non-public session, the Grand Chamber of the Constitutional Court (PL. ÚS 10/2014) ruled that provisions of Act on Electronic Communications (Act No. 351/2011 Coll.), which until now required mobile network providers to track the communication of their users, as well as provisions of the Penal Code (Act No. 301/2005 Coll.), and the Police Force Act (Act No. 171/1993 Coll.), which allowed access to this data, to be in contradiction to the constitutionally guaranteed rights of citizens to privacy and personal data. As a consequence, these provisions lost their binding effect.

    According to now invalid provisions of the Electronic Communications Act, the providers of electronic communications were obliged to store traffic data, location data and data about the communicating parties for a period of six months (in the case of Internet, email or Voice over IP (VoIP) communications) or for a period of 12 months (in case of other communications). Data about unsuccessful calls was also stored for the same periods. Moreover, the legal framework regulating the access to data retention data was completely arbitrary and considerably less stringent than comparable provisions on wire-tapping.

    In the opinion of EISi, the introduction of these obligations constituted a substantial encroachment upon the private life of individuals – especially because this mandated a blanket monitoring of all inhabitants of Slovakia, regardless of their innocence or prior behaviour. The data retention requirements mandated that every day the data about every inhabitant of Slovakia must be collected, amassing a profile of who called whom, to whom someone sent an SMS or email, when the person sent it, from which location, using what type of device or service, how long the communication took, and many others details. It almost goes without saying that combining of all this information made it possible to perfectly analyse the movements of every inhabitant of Slovakia using a mobile phone or the internet. This allowed the behaviour, circle of acquaintances, hobbies, health, sexuality and other information that citizens might prefer to keep to themselves to be predicted.

    The decision marks an end to EISi’s five-year battle against mass surveillance. Soon after the launch of the now unconstitutional data retention requirements, EISi authored a short report pointing out the basic discrepancies between the Act on Electronic Communications (“the Act”) and its data retention provisions, and the fundamental rights embodied in the Slovak constitution, the EU Charter of Fundamental Rights and Freedoms, and the Convention for the Protection of Human Rights and Fundamental Freedoms. This report was then presented in the form of a motion to two local authorities, which, despite the evidence, reached the view that the data retention provisions do not lead to an interference with the fundamental rights and freedoms of citizens. , and no proceedings before the Constitutional Court were initiated.

    EISi then put together a submission for the Constitutional Court, and started asking for the support of the Members of the Parliament, who can also initiate such a constitutional review. The submission gained the support of the required number of MPs, 30 signatures, and a motion was filed before the Constitutional Court successfully.

    The decision of the Constitutional Court of the Slovak Republic was issued almost a year after the Court of Justice of the European Union (CJEU) proclaimed the Data Retention Directive invalid in the spring of 2014. At that time, the Constitutional Court of Slovakia promptly reacted by suspending the collection of data through a preliminary measure. By the virtue of the decision on 29 April, data collection was completely cancelled.

    So far, only the final outcome of the decision is known. The reasoning of the court is expected to be available within three months.

    EISi’s press release: The Slovak Constitutional Court cancelled mass surveillance of citizens (29.04.2015)
    http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/109-the-slovak-constitutional-court-cancelled-mass-surveillance-of-citizens

    Slovak Constitutional Court Suspends Data Retention Legislation (23.04.2015)
    http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/74-us-data-retention-suspension

    Data Retention before the Slovak Constitutional Court
    http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/49-slovak-case-on-data-retention

    The quest for privacy in Slovakia: The case of data retention
    www.giswatch.org/en/country-report/communications-surveillance/slovak-republic

    (Contribution by Matej Gera, European Information Society Institute – EISi, Slovakia)

    EDRi-gram_subscribe_banner

    Twitter_tweet_and_follow_banner

    close
    06 May 2015

    Privacy Cafés launched to improve secure communications in the EP

    By Heini Järvinen

    Ever since the publication of documents from the Snowden archive, which indicate that the US National Security Agency (NSA) and the UK Government Communications Headquarters (CGHQ) were behind the cyber-attacks on the European institutions, an improvement of the European Parliament’s IT security was to be expected. The report by Civil Liberties Committee Chair Claude Moraes on mass surveillance therefore called on Directorate-General for Innovation and Support (DG ITEC), the service in charge of security in the European Parliament, to carry out a thorough analysis, to make recommendations and to present a final report in June 2015. Unfortunately, the developments have been rather slow so far. Two years after the first revelations, Parliamentarians are still not able to receive or send encrypted communications.

    Therefore, on 21 April 2015, EDRi organised, together with EDRi members Liga voor Mensenrechten and Access, the first Privacy Café in the European Parliament (EP). The goal of the Privacy Café was to give Members of the European Parliament (MEPs) and their assistants an overview on the importance of protecting their privacy, and to introduce a selection of practical tools to improve the privacy of their private and professional communications. After the introductory presentation, each participant could join one or several hands-on workshops, to learn about email encryption, mobile messaging or private browsing. The instructors went through the installation of the tools, and offered advice and practical help to the participants. Step-by-step instructions for each tool were also available in printed format.

    The European Parliament has a lot to improve from the point of view of privacy and secure communications; the default solutions on the professional devices for browsing the Internet, document sharing and sending internal emails are often not privacy friendly, and installing add-ons or software enhancing privacy (such as GPG4Win) is made difficult or impossible.

    The event raised a lot of interest and positive attention. To continue the work to increase awareness of privacy issues within the EP, more Privacy Cafés are being planned. Among the participants were representatives from the DG ITEC, the body responsible for providing IT support to MEPs and Political Groups, and for running of the European Parliament computing and network centre. EDRi is now in contact with them, to investigate the possibilities to discuss for improvements to the current tools and practices in place in the EP.

    EDRi-gram: EDRi launches privacy trainings in the European Parliament (28.01.2015)
    https://edri.org/edri-launches-privacy-trainings-in-the-european-parliament/

    Belgacom Attack: Britain’s GCHQ Hacked Belgian Telecoms Firm (20.10.2013)
    http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html

    Parliamentary question: Regin malware used in cyber attacks on EU institutions and Belgacom (05.12.2014)
    http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2014-010269+0+DOC+XML+V0//EN
    Hand-out: What Is Encryption?
    https://edri.org/files/PrivacyCafe_20150421_Encryption.pdf

    Hand-out: How to use PGP on a Windows PC
    https://edri.org/files/PrivacyCafe_20150421_PGPWindows.pdf

    Hand-out: How to use RedPhone on Android
    https://edri.org/files/PrivacyCafe_20150421_RedPhone.pdf

    Hand-out: How to use Signal – Private Messenger
    https://edri.org/files/PrivacyCafe_20150421_Signal.pdf

    Hand-out: How to use TextSecure on Android
    https://edri.org/files/PrivacyCafe_20150421_TextSecure.pdf

    Hand-out: How to leave fewer traces while you’re surfing
    https://edri.org/files/PrivacyCafe_20150421_FewerTraces.pdf

    EDRi-gram_subscribe_banner

    Twitter_tweet_and_follow_banner

    close
    06 May 2015

    Emotion tracking company gets funding from the European Commission

    By Guest author

    Realeyes is a London based start-up company that tracks people’s facial reactions through webcams and smartphones in order to analyse their emotions. The analysed data is used to help companies maximise the impact of their advertising and market research campaigns. The technology allows the companies to know how consumers feel when they view the video content.

    Realeyes has just received a 3,6 million euro funding from the European Commission to further develop emotion measurement technology. This grant is part of Horizon 2020, an EU research and innovation programme designed to encourage European competitiveness. This is happening at the same time as, the EU is trying to reform the current data protection legislation. In the absence of a meaningful update of the current legal framework, it is questionable whether the current data protection law can provide an adequate level of protection, and be effective in balancing different interests when it comes to profiling.

    The technology is based on six basic emotional states that, according to the research of Dr Paul Ekman, a research psychologist, are universal across cultures, ages and geographic locations. The automated facial coding platform records and then analyses these universal emotions: happiness, surprise, fear, sadness, disgust and confusion. The company is planning to develop the technology so that in the future even liking, boredom or attraction could be measured.

    According to those supporting the use of such technology, this technological development could be a very powerful tool not only for advertising agencies, but as well for improving classroom learning, increasing drivers’ safety, or to be used as a type of lie detector test by the police. To participate in the study for testing and developing the tool, people are asked to give their consent and then share their subconscious responses to the content presented by simply using the webcam.

    However, the technology raises some serious privacy concerns regarding the usage, storage and control of the data collected. First of all, the software not only detects consumers’ facial expression, but also a person’s gender and age bracket. Furthermore, according to the Realeyes privacy policy, even IP addresses and website usage information are being collected by placing cookies on consumers’ computers. All the collected data is being stored in a massive database, and the company has the possibility to combine all the data sets in order to build a more specific profile of a person. Lastly, the vague definition of retention period does not provide any degree of control or predictability to consumers, since the privacy policy says that personal information will be stored “for as long as it is required” for their research and business purposes. According to Anna Fielder, board chair of Privacy International, it is questionable whether the consumers, when consenting to the study, can truly understand how the technology was being implemented.

    Profiling represents one of the biggest challenges for privacy due to the mass surveillance and technological capabilities of linking and analysing all the widely available data. Bearing in mind, for example, that the European Commission, in its proposal for the update of data protection legislation, introduced an option for Member States not to implement protections against profiling, its approach to this important issue seems profoundly reckless.

    Emotion tracking start-up gets EU funding boost (17.04.2015.)
    http://blogs.wsj.com/digits/2015/04/17/emotion-tracking-startup-gets-eu-funding-boost/

    Webcam-based emotion ad tracking is a real thing and big brands are doing it (27.04.2015.)
    http://adexchanger.com/online-advertising/webcam-based-emotion-ad-tracking-is-a-real-thing-and-big-brands-are-doing-it/

    Realeyes FAQs
    http://www.realeyes.me/faqs

    Realeyes Privacy Policy
    http://www.realeyes.me/privacy

    Googling your brain: latest “data protection” proposals from Council (14.01.2015.)
    https://edri.org/googling-your-brain-latest-data-protection-proposals-from-council/

    (Contribution by Morana Perušić, EDRi intern)

    EDRi-gram_subscribe_banner

    Twitter_tweet_and_follow_banner

    close