freedom of expression

Freedom of expression is one of the key benefits of the digial era. The global information society permits interaction on a scale that was previously unheard of – promoting intercultural exchange and democracy. Consequently, the protection of this freedom is central to much of EDRi’s work.

12 Aug 2015

Portugal: “Voluntary” agreement against copyright infringements

By Maryant Fernández Pérez

On 30 July 2015, copyright and related rights-holders associations, the General Inspection of Cultural Activities (IGAC), the Portuguese Consumer Directorate-General, the Portuguese Association of Telecom Operators, the organisation responsible for .pt domain registrations DNS.PT, the anti-“piracy” group MAPINET, advertising associations, and (unidentified) consumer associations agreed on a Memorandum of Understanding aimed at protecting copyright and related rights online.

This “self-regulatory” agreement, facilitated and promoted by the Portuguese government, is expected to enter into force around mid-August 2015. Although it has not been published, parts of its content have been reported by Portuguese news sites and the parties involved.

According to those sources, the agreement will allow the signatory copyright associations to notify MAPINET of websites that contain either a minimum of 500 works which allegedly infringe copyright and/or content providers’ rights, or sites that contain two-thirds allegedly infringing contents. MAPINET will be in charge of gathering the evidence submitted by the associations and will forward a maximum of two wide-ranging complaints to IGAC per month. IGAC then contacts Internet Service Providers (ISPs) to restrict access to the websites through “Domain Name System (DNS) blocking” within 15 working days. It is reported that the blocks expire after a year, unless IGAC determines otherwise. Additionally, the affected websites will be excluded from carrying advertisements.

While the Portuguese government claimed this agreement is a pioneering system in Europe, similar mechanisms already exist, for example in the United Kingdom. Besides their differences, both systems including “voluntary” agreements are detrimental to the right to a fair trial, presumption of innocence, freedom of communication and eventually free expression. As reported (and subject to further examination of the content of the agreement), this Memorandum of Understanding has no evidence that it might be effective, it falls outside the rule of law, has the power to violate human rights online without responsibility for the parties, and lacks transparency.

First, DNS blocking is not effective because it can be easily circumvented, even by accident. When you type to your browser the domain name of the website you want to access, your computer identifies the corresponding IP address. If your ISP blocks that domain address, your access to it will be restricted. However, all that is required to circumvent it is the use of alternative and freely available DNS servers, such as OpenDNS. MAPINET’s Secretary General acknowledged this inefficiency, but expects Internet users not to be “techie” enough, the Portuguese news site SAPO Tek reported.

Secondly, this agreement undermines the rule of law. In fact, privatised enforcement circumvents existing legal protections of human rights and fundamental freedoms online. This agreement is not of a legislative nature and will permit websites to be blocked without a court order. Judicial review will only be available ex post. As an incentive, ISPs will not have to incur in any meaningful cost for the tasks performed under this agreement. In fact, copyright associations will jointly and severally pay for any costs incurred by ISPs and any damages derived from legal actions brought by third parties against ISPs. However, ISPs lack of an incentive to defend human rights and fundamental freedoms online.

Finally, several Portuguese citizens reported to EDRi that their efforts to ask for the publication of this agreement have so far failed. However, article 268 of the Portuguese Constitution and Law 46/2007 entitle citizens to have access to public documents by request. If this right is refused, an appeal before the Portuguese Commission on Access to Administrative Documents (CADA) is possible. One of the most insidious aspects of privatised law enforcement is, of course, that the arrangements are “private”, avoiding the safeguards on which democratic societies are built.

DNS blocking

Self-regulation agreement protects copyright in the digital environment (only in Portuguese, 30.07.2015)

Is online piracy at the end of its days in Portugal? Agreement facilitates website blocking by operators (only in Portuguese, 30.07.2015)

Rapid pirate site blocking mechanism introduced by Portugal (31.07.2015)

ISPs compensated in case of copyright violation (only in Portuguese, 31.07.2015)

Portuguese Commission on Access to Administrative Documents (CADA)

(Contribution by Maryant Fernández Pérez, EDRi)



12 Aug 2015 case: Prosecutor dismissed, inquiry dropped

By Heini Järvinen

As reported previously in EDRi-gram at the end of July 2015, two reporters of a German digital rights blog, Markus Beckedahl and André Meister, were under investigation for treason after the publication of leaked documents revealing plans to expand German internet surveillance. On 10 August, German federal prosecutors announced that the much disputed investigation will be dropped.

When the treason investigation came to light, it raised immediately concerns over freedom of press. Hundreds of journalists, citizens and civil society representatives signed a statement declaring that the investigation for treason and their unknown sources is an attack against the free press, and demanding to end it. Thousands participated in a demonstration organised on 1 August in Berlin to support A great number of politicians expressed also their concerns.

Following the protests, Germany’s prosecutor general, Harald Range, decided to put the investigation on hold, and stated that he would “await the results of an internal investigation into whether the journalists had quoted from a classified intelligence report, before deciding how to proceed.” On 4 August, Justice Minister Heiko Maas requested Range’s dismissal, after consultations with Chancellor Angela Merkel’s office, and questioned the necessity of the investigation. Range justified his actions, stating that he had to proceed the way he did partly for legal reasons. He criticised the government’s interference into the investigation, and called it “intolerable invasion of the independence of the judiciary”. Following the dismissal of the prosecutor general, it was revealed that the Ministry of Interior had detailed knowledge about every phase of the investigation.

Less than a week after Range’s dismissal, the case took a new turn when the acting federal prosecutor announced that he had concluded, in agreement with the Ministry of Justice, that the leaked documents didn’t constitute state secrets, and that the investigation will be dropped.

The journalists at have asked the German government to confirm if surveillance measures have been put in place by the state in order to monitor their activities. “We want to know concretely if we were the subject of surveillance during the nearly three-month probe,” said Markus Beckedahl in a statement posted on the blog.

Germany’s top prosecutor drops treason probe of Netzpolitik bloggers (10.08.2015)

German journalists celebrate as treason inquiry is dropped (10.08.2015)

EDRi-gram: Leaked documents: German news site investigated for treason (31.07.2015)

Jacob Applebaum: The nightmare is punishment (06.08.2015)

The Statement: The investigation against for treason and their unknown sources is an
attack against the free press

Germany pauses treason investigation into journalists (02.08.2015)

German justice minister to request prosecutor’s dismissal over treason case (04.08.2015)



12 Aug 2015

Facebook patent: Lending based on social connections

By Heini Järvinen

The United States Patent and Trademark Office (PTO) has granted Facebook a patent which could allow “authenticating an individual for access to information or service based on that individual’s social network.” The main use for this technology is to allegedly prevent members of a network from sending spam to other members with whom they aren’t legitimately connected. It could, however, also be used by lenders, to let a borrower’s social network connections determine his or her credit worthiness.

The patent describes the technology that could potentially be used for evaluating credit risks:

“In a fourth embodiment of the invention, the service provider is a lender. When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.”

If used for this purpose, the patented technology could help lenders discriminate against certain borrowers. It’s obviously questionable if having friends with bad credit scores is a valid criterion to assume a person is a bad credit risk, but it’s probable that some banks would nevertheless appreciate this addition to their loan review process. Using this technology for evaluating loans would be particularly harmful for those who have limited or no access to banking services, or those with previous problems with their credit history, and it could push them for more expensive and risky alternatives.

It’s not clear if Facebook’s intention is to ever try to use the patent for lending, and the legality of using it for such purpose is also unclear. In the US, the Equal Credit Opportunity Act defines strictly what information can and cannot be used to determine loan risks, and accessing an individual’s credit report without his or her consent to investigate the credit risk of another individual might not be a legitimate reason.

Facebook and Your Credit (05.08.2015)

Facebook patents technology to help lenders discriminate against borrowers based on social connections (04.08.2015)

Facebook patent: Your friends could help you get a loan – or not (04.08.2015)



12 Aug 2015

Internet censorship redux – under the guise of regulating gambling

By Guest author

On 12 June 2015 a law came into effect requiring the providers of networks and electronic communication services in Romania to block access to gambling sites as well as sites advertising gambling activities that are unauthorised in the country. Internet Service Providers (ISPs) will now be obliged to implement a website blocking system and use it to filter the connections of all their customers.

In 2011, Government Decision no. 823/2011 raised, for the first time, the spectre of Internet blocking at the ISP level. In 2013, Government Decision no. 298/2013 established the National Office of Gambling (ONJN). This institution is, amongst other things, in charge of monitoring online gambling, and has the authority to force ISPs to abide by their rulings. At the beginning of 2014, ONJN started showing signs that it wants to use this authority to force ISPs to implement a website blocking system. Now a blacklist of websites to be blocked can be already found on the ONJN website.

The European Union included in the common regulatory framework for electronic communications networks and services directive the obligation for Member States not to block or abusively restrict the access to the Internet. Article 1(3a) of Directive 2002/21/EC explicitly states that “measures taken by Member States regarding end-users access to, or use of, services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.”

The fundamental problem of blocking measures at the ISP level is that they can be considered as a type of censorship of online content, which raises serious concerns on human rights issues, freedom of speech in particular. Web content is unanimously recognised as a type of mass media, and censoring it is against the Romanian Constitution which states in Article 30(2) that “any censorship shall be prohibited” and 30(4) “no publication shall be suppressed”.

From a technical standpoint, there are numerous documented cases worldwide where, depending on the blocking method being used, Internet blocking lead to overblocking that affected legal websites which happened to share an IP address with a blocked website, or instances where websites (such as Wikipedia or Instagram) were blocked in their entirety just because one piece of offending content. The new legislation is not only about the creation of a blacklist containing the unauthorised websites communicated to the ISPs, but also about identifying websites which show advertisements or other marketing or promotional activities that offer links to online gambling sites. There is a real danger of arbitrary decisions enabled by the interpretation of the text of the law: Is a Facebook page a web page? Is a YouTube video a means of promotion? How about a video? If presents search results which promote unauthorised gambling sites, will it be blocked? How about

Furthermore, the implementation of such a website blocking system means that the tools for Internet censorship will be created and deployed. It would be extremely easy to modify these tools, at a later date, to expand the censorship measures to other subjects. Once the principle is accepted and the technical infrastructure implemented, there is the danger of it snowballing from just illegal/unauthorised gambling into other fields.

For example, the Internet blocking system set up in Italy was initially implemented to restrict access to online gambling. Despite the initial intentions, this has led to websites being blocked in the country for multiple reasons, by multiple institutions. What was a simple blacklist of unauthorised gambling sites in 2006 has grown into a complex list of sites to be blocked, also including sites that have nothing to do with gambling. Unfortunately, Italy is not a unique case. Another similar example is France, which followed a similar path starting from blocking online gambling, just as Italy.

As EDRi has stated in its booklet on Internet blocking, crimes must be punished, not hidden. This should be done with respect to the rule of law, which implies that private companies like ISPs should not be in charge of enforcing these kinds of mechanisms which might lead to restriction of fundamental rights without been proven to be effective, proportional nor necessary. Equally important, we need real action and not cosmetic actions against crimes.

Government Decision no. 823/2011 regarding the modification and completion of Government Decision no. 870/2009 concerning the approval of the methodological norms of Government Emergency Order no. 77/2009 on the organisation and running of gambling operations (only in Romanian, 30.03.2011)

Internet censorship measures coming from ONJN (only in Romanian, 04.02.2014)

The blacklist of sites running unauthorised gambling activities (only in Romanian)

EDRi paper: Internet Blocking

(Contribution by Matei Vasile, EDRi member ApTI, Romania)



05 Aug 2015

Launch of the EU Internet Forum – behind closed doors and without civil society

By Kirsten Fiedler

The European Commission has confirmed to EDRi that it is preparing to partner with US online companies in order to plan the arbitrary monitoring and censorship of European citizens and, contrary to previous assurances, will exclude civil society from these discussions. More disturbingly, this is happening at the same time as the US is preparing the “Cybersecurity Information Sharing Act” (CISA), which grants US companies a “safe harbour” from liability for any damage they cause when enacting counter-measures against security risks.

Last month we reported that, from time to time, the European Commission launches talks with the Internet industry to encourage companies to take “voluntary” action to fight against allegedly illegal or unwanted online activity. Very often, however, these projects seem to be launched or financed without any consideration for lessons learned from past (and mostly failed) enforcement initiatives. Take, for example, the CleanIT project, which proposed that online companies should prevent anonymous use of online services, implement automated detection systems and remove content on the simple request of law enforcement authorities “without following the more labour-intensive and formal procedures for ‘notice and action’”.

In March 2015, a European Union document on the “fight against terrorism” (pdf) charged the Commission with the creation of a “Forum with the Internet service providers community” in order to contribute to Europol’s work (even though this project had been launched a year earlier). Since then, no information has been made public as regards the progress of this “EU Internet Forum”.

Obviously, we wanted to know more and sent an “access to documents” request to the European Commission. In May, the Commission responded, claiming that no documents existed since the forum was not set up at the time of our request. A couple of exchanges and months later, the Commission sent us some – not all – of the requested documents. We received:

These documents reveal that the Commission organised two meetings of the Forum to prepare the official launch of the EU Internet Forum scheduled for the end of the year. These preparatory meetings took place on 27 May and 24 July. Companies were invited to discuss “challenges and scope of engagement in countering online terrorism activity” by, for example, “reducing accessibility” and by challenging “the terrorist narrative online”. An earlier Communication on the EU’s Agenda on Security also stated the objective to explore “the concerns of law enforcement authorities on new encryption technologies” (pdf).

Among the planned activities of the forum are awareness-raising activities for Member States, training sessions and workshops, as well as “reaching out to smaller companies” to enable them to respond to removal requests. A preparatory meeting took place on 27 May and a meeting to “raise awareness” on 24 July.

Despite the fact that the European Agenda on Security initially announced the launch of this “EU-level Forum with IT companies to bring them together with law enforcement authorities and civil society” (emphasis added), we learn from the documents that the Commission did not contact any civil society groups to take part since “it does not directly communicate with community groups or citizens”. The Commission does not explain further why only industry was invited while human rights organisations and NGOs in the field of information technology were ignored. It seems the idea to have civil society on board has been dropped entirely. However, the Commission refers to links on the website of the Radicalisation Awareness Network – apparently in the hope that this would be sufficient to make citizens aware of DG Home’s activities.

In its reply to us, the Commission unfortunately refused to grant us access to preparatory documents of the Forum as it considers that this “could seriously undermine the ability of the Commission and other involved stakeholders to freely exchange their views concerning actions and initiatives to be taken within the IT Forum”. It is clear that discussions regarding activities by online services will directly affect the communications of their customers and therefore ultimately have an impact on citizen’s fundamental right to the freedom of expression. However, human rights organisations and experts in the field of information technologies from academia or civil society do not seem to be considered to be “relevant stakeholders” nor even “interested parties”.

The Commission also argues that it wants to remain “free from external pressure” to explore potential policy options, but some policy options seem already decided, such as including the issue of “detection and removal” of alleged terrorist material (meeting report 7 May) in the upcoming meetings. The EU’s Home Affairs Commissioner Dimitris Avramopoulos is now planning a trip to Silicon Valley to discuss the upcoming launch of the EU Internet Forum – with US service providers.

It is strange that the Commission wishes to remain “free to consider all policy options” while at the same time asking US businesses how online communications should be regulated in Europe. It is even more kafkaesque, when these same US businesses are about to receive near-blanket immunity for activities covered by the draft CISA. This draft Bill grants two new powers to US companies allowing them to launch countermeasures to “cybersecurity threats” and to monitor information systems. The Bill gives immunity to companies for these monitoring activities and whenever they wish to share private data of their customers (including EU customers) with US government agencies – with wide-ranging protection from liability for any damage that they may cause in the process. EDRi-members EFF and Access as well as Fight for the Future are currently campaigning to stop this fatally flawed Bill.

This is a disturbing approach by the US government because, until now, online intermediaries have had little interest in adopting law enforcement roles due to unclear legal protections (“safe harbours”) offered to them in cases where their networks are used for illegal activities. Ever since the failed Stop Online Piracy Act (SOPA) three years ago, the US government has been attempting to change this situation.

In Europe, Member States have the obligation to respect the Charter of Fundamental Rights. However, if measures are applied “voluntarily” by private companies, governments’ obligations under the Charter are not active. Many case studies have shown, private companies limiting fundamental rights in the online space continue, flouting the principle that restrictions on civil and human rights must be based on law (Articles 8 and 10, European Convention on Human Rights; Article 52, European Charter of Fundamental Rights and Article 19, International Convention on Civil and Political Rights).

To avoid another failed project pushing for a privatised law enforcement activities through online service providers, we believe that the Commission should seek expert input to examine whether and how regulation of the European online space by US companies has an impact or unintended consequences for the fundamental rights of European citizens. In January, the EU’s Ministers of Interior emphasised the need to safeguard the Internet, “in scrupulous observance of fundamental reedoms, [as] a forum for free expression, in full respect of the law.”

We agree. Does the Commission?

Also see EDRi’s booklets on the topic:

Human rights and privatised law enforcement

The slide form “self-regulation” to corporate censorship


05 Aug 2015

Our internships at EDRi: We made digital rights matter

By Guest author

During the last couple of months, as EDRi’s interns, through advocacy, campaigning and reporting, we were given a unique opportunity to challenge threats to fundamental rights posed in the context of net neutrality, privacy, personal data and copyright. It was a fruitful and rewarding experience that allowed us to put our theoretical skills into practice while promoting human values of freedom and dignity in the online world.

Here is a short summary of our wonderful journey at EDRi:


During my internship, I had the opportunity to work closely on three currently “hot issues”: data protection, copyright and Passenger Name Record (PNR). Since my arrival at EDRi, I was following the activities concerning these subjects and gained a lot of insight by participating in meetings, conferences and events, reading and analysing documents, as well as monitoring the work progress of three main EU institutions: the European Parliament, the European Commission and the Council of the European Union.

Thanks to the fact that I was following the Data protection reform developments, I have learnt what is behind the mystery known as “trialogue” and how it functions. The European Parliament’s early steps in reforming and modernising copyright was a great chance to see how the work of the Members of the European Parliament (MEPs) evolves and how a document can significantly change from the first draft to the final vote in plenary.

Some of the moments I enjoyed the most were visiting the European Parliament, the Commission and the Council for the first time, listening to different perspectives and interesting debates at the events I attended, contacting and meeting Permanent Representations of the EU Member States, analysing the Data retention legislation in Member States, and learning about encryption and basic tools which can protect my privacy online.

All in all, my time at EDRi has helped me enrich my understanding of the European institutions and their work significantly. Participating in the whole process was extremely beneficial to see and understand how the legislation is made at the EU level and how civil society can influence and be part of this process. I have also realised that advocating for citizens’ rights can sometimes be overwhelming and seem pointless, like in the case of the recently adopted EU PNR proposal. However, analysing Marietje Schaake’s Opinion on human r rights in third countries, where the suggestions from EDRi were adopted by the Parliament, assured me that organisations like EDRi definitely play an important role in changing the future into a better one.


During my experience at EDRi, I mainly worked on the Telecom Single Market (TSM) package and on trade agreements. To be honest, I didn’t expect trade agreements to be that relevant to digital rights. Indeed, it was very challenging and interesting to deal with trade law and try to understand how a new generation of free trade agreements could affect fundamental rights such as privacy and data protection, which seemed to be completely unrelated to trade issues at first sight.

During these last months, I had the opportunity to follow the legislative procedure of the European Parliament’s own-initiative report on the Transatlantic Trade and Investment Partnership (TTIP). I participated in a whole range of advocacy activities, like contacting MEPs offices to arrange meetings and participating in these meetings, assisting in the analysis of amendments, contacting Committee secretariats to get information on the legislative procedure, preparing documents for internal use and help drafting documents and analyses. In this context, it was particularly challenging and gratifying to take part in writing the “TTIP and Digital Rights” booklet (pdf).

Along with the internal work of the association, the experience at EDRi also gave me the opportunity to participate in several external meetings. Particularly as regards TTIP, I took part in events organised by stakeholders and think tanks, civil society meetings and events organised by the European Commission.

Concerning the Telecoms Single Market (TSM) which is crucial for a potential legal safeguard of net neutrality, my internship gave me the opportunity to understand how important it is to have early contacts with MEPs and keep them informed with position papers and analyses on your positions. Following the TSM trialogue was fundamental to understand how the European institutions work in practice. Only knowing the ordinary legislative procedure can be useless in Brussels because nformal meetings can deeply affect how policies are made. Besides the ups and downs of the trialogue negotiations, it was very thrilling and instructive to be involved in the net neutrality “fight”. On some days, this file taught me how institutions can be obscure, producing text that makes it difficult to orientate yourself in the details of legislation. On other days, it was great to see the results of our work, and to see how civil society associations like EDRi can make a difference at EU level.


Unfortunately, our joyful ride of protecting digital freedoms at EDRi has come to its last stop. It is time to take our suitcases, fully packed with new skills and knowledge, as well as our bursting confidence and even stronger determination to advocate for digital rights, and head off to a new destination where we can put into practice all the knowledge we gained here.

Last, but certainly not least, we want to thank the EDRi Brussels team for being our amazing guides on this journey, supporting us and making us smile even on a grey, cloudy Brussels day.

Off to some new and exciting adventures!

(Contribution by Morana Perušić and Aldo Sghirinzetti, EDRi interns)


31 Jul 2015

Leaked documents: German news site investigated for treason

By Kirsten Fiedler

If it were up to the Federal Attorney General and the President of the German Domestic Security Agency, two reporters of, a German digital rights blog, would soon be in prison for at least two years. Yesterday, the news blog was officially informed about investigations against the editors Markus Beckedahl and Andre Meister. The accusation: Treason under Section 94 of the German Criminal Code:

Whosoever […] allows a state secret to come to the attention of an unauthorised person or to become known to the public in order to prejudice the Federal Republic of Germany or benefit a foreign power and thereby creates a danger of serious prejudice to the external security of the Federal Republic of Germany, shall be liable to imprisonment of not less than one year.

Until this week, the news site was reported merely as witnesses in a case following the publication of documents that revealed a €2.75m project for processing massive online datasets as well as plans for a 75-man unit in the German secret service to monitor Twitter, Facebook chats and other communications. Now however, two authors are accused of treason and as “joint principals”.

Markus Beckedahl, the editor-in-chief of Netzpolitik told EDRi:

We see this as an attack on press freedom. This is clearly an attempt at intimidation against us, other journalists and whistleblowers in order to prevent revelations on how deep the German government and intelligence agencies are involved with the US National Security Agency (NSA).

The last charges of treason against German journalists date back to the Spiegel scandal in 1962. Such investigations of a news site appear to be in breach of the reasoning in the ruling of the German Constitutional Court in the Cicero case in 2007.

Read the original German letter of the Federal Attorney General in full text.

Leaked documents (in German) of the articles, February and April 2015: Haushaltsplan (pdf) and Einrichtung Referatsgruppe “Erweiterte Fachunterstützung Internet” im BfV (pdf)


29 Jul 2015

French Constitutional Council approves sweeping surveillance powers

By Kirsten Fiedler

On 23 July, the French Constitutional Council approved sweeping surveillance powers for intelligence agencies. In its decision, the Council declared almost all provisions constitutional, in contradiction to vehement opposition from civil rights groups, human rights experts, academia and the online business sector. The “Loi Renseignement” (also dubbed the “French Patriot Act”) was passed by the French National Assembly on 24 June and allows intelligence agencies to tap phone and emails without judicial permission.

With regard to the scope of the law, the Council added only a few explanations in order to limit the extensive scope of grounds (the fight against collective violence and terrorism, the defence or promotion of major interests in foreign policy, economy, industry and science) that allow for surveillance by intelligence agencies.

Once the grounds are defined and duly justified, instead of a judicial approval, security officials need to request an authorisation from the newly created “National Committee for Control on Intelligence Techniques” (CNCTR). The Council ruled that the composition of the CNCTR, despite the fact that its members are appointed by political institutions, will be able to provide sufficient oversight and is thus in line with the French constitution. Unfortunately, the Council failed to provide any sort of analysis that would back up this decision.

Only last week, the United Nations Committee for Human Rights stated that the French law “grants overly broad powers for very intrusive surveillance on the basis of vast and badly defined objectives” and called on the French government to “guarantee that any interference in private life must conform to principles of legality, proportionality and necessity”.

France’s intelligence services can now deploy the list of surveillance measures, they now have the power to:

  • require internet service providers to install so-called “black boxes” to collect communications metadata directly from Internet companies, and to use algorithms to automatically flag suspect behaviour online;
  • remotely install trojan horses on personal computers to access camera, microphone and passwords;
  • deploy real-time localisation of a person, vehicle or object;
  • collect metadata via fake relay antennas for mobile phones (International Mobile Subscriber Identity, or IMSI catchers in short) to intercept traffic data and track the movement of phone users in a specific area;
  • carry out surveillance of lawyers, judges, parliamentarians and journalists.

The Council struck down only three of the law’s provisions, including one that would have allowed the services to intercept overseas communications. The problem is that other sections of the law that were not invalidated, clearly give responsibility to these services to act abroad. This is for instance the case of the new Article L. 811-2 of the Code of Homeland Security (CSI). Another provision (Article L821-6 new, CSI) that was invalidated would have allowed intelligence services to carry out surveillance without authorisation from the Prime Minister in “emergency cases” since it considered that this would be a disproportionate interference with the right to privacy. The last provision that was declared unconstitutional concerned the annual budget.

The French civil liberties group La Quadrature du Net regretted that

[t]his decision is extremely disappointing. The judges of the Constitutional Council decided to summarily dismiss the numerous arguments raised in the dozen briefs submitted to the Constitutional Council by many players in the defence of fundamental rights.

While some provisions of this law will now come directly into effect, others first need to be implemented by a series of decrees. However, La Quadrature du Net declared that it now wants to continue its fight, especially on a European level.

UN International Covenant on Civil and Political Rights report (24.07.2015)

EDRi-gram: French surveillance billpushed ahead despite massive criticism (22.4.2015)

Shame on France: French Constitutional Council Widely Approves Surveillance Law! (24.7.2015)

The Loi Renseignement is published in the Official Journal. What now?

(Contribution by Kirsten Fiedler, EDRi)



29 Jul 2015

A new wave of Internet blocking in Turkey

By Guest author

On 25 July, the Turkish government ordered the blocking of 65 popular dissident and Kurdish websites and temporarily slowed down Twitter and Facebook access. This follows the government’s air attack against the Islamic State (Isis) and Kurdish forces in Syria. A few days earlier, Twitter was blocked entirely for a few hours.

On 20 July, an Isis suicide bomber killed 31 members of a youth organisation who were visiting the South Eastern town of Suruç to deliver humanitarian aid to war-torn Kobani. The Turkish government, which is increasingly under pressure for its alleged support to Isis and other al-Qaeda derivatives in Syria, reacted by attacking Isis in northern Syria. Kurdish forces, however, received an allegedly harsher attack from the Turkish government despite their ongoing fight against Isis.

The government’s change of policy is also reflected on pro-Isis websites that were blocked in mid-July. Prior to the attacks, they were allowed to operate freely within the country and had been used for recruitment and propaganda purposes.

The newly blocked websites joined the list of over 81 000 others which are compiled by

Turkey blocks Kurdish websites as Twitter and Facebook slows down (25.07.2015)

AKP-backed ISIL group massacres at least 30 in southeastern Turkey (21.07.2015)

Turkey blocks Twitter following suicide bomb attacks (22.07.2015)

Turkey sends in jets as Syria’s agony spills over every border (26.07.2015)

Efe Kerem Sozeri on Twitter (26.07.2015):

Nato backs Turkey on IS as Ankara confirms attack on Kurds (29.07.2015)



29 Jul 2015

European Commission will “monitor” existing EU data retention laws

By Diego Naranjo

The European Commission (EC) told EDRi that it “will continue monitoring legislative developments at the national level” regarding the existence of data retention laws in EU Member States. The EC provided this non-committal response to the letter we sent on 2 July 2015, asking the Commission to investigate illegal data retention laws in the European Union.

EDRi, along with the Electronic Frontier Finland (EFF), the IT-Political Association of Denmark (IT-Ροl), the Open Rights Group (ORG), Panoptykon and other EDRi members, produced an analysis of a sample of existing national laws in EU Member States which requires the retention of their citizens’ personal data. Even though the Court of Justice of the European Union (CJEU) invalidated the Data Retention Directive in April 2014 in the Digital Rights Ireland Case v. Minister for Communications case (Joined Cases C-293/12 and C-594/12), there are still a number of existing and national laws in the EU which appear to be illegal in light of this ruling.

EDRi’s analysis sent to the European Commission concluded that the existing laws in at least six countries appear to be in contravention to the Charter of Fundamental Rights. The Commission, as guardian of the treaties, is legally required to do the necessary further research and ensure that Member States bring their practices into line with EU law, making use of the infringement procedures if necessary. If the Commission continues only “monitoring”, with million of EU citizens being subject to illegal data retention laws one year after the CJEU ruling, this will not be enough.

It is worth remembering that, before the Directive was struck down by the Court of Justice of the European Union, the European Commission used its powers aggressively to both threaten and apply every legal sanction available to force Member States to implement the legislation. The Commission furthermore refused a freedom of information request from Access Info Europe requesting access to relevant document from these cases.

“[T]he fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance”

– Court of Justice of the European Union in the 2014 Digital Rights Ireland case (Joined Cases C-293/12 and C-594/12), para. 37

The European Commission’s response to EDRi’s letter (28.07.2015)


European Digital Rights asks the European Commission to investigate illegal data retention laws in the EU (02.07.2015)

European Parliament Legal Service Opinion on CJEU Data Retention ruling (14.01.2015)

EDRi: Data retention: EU Commission – guardian and enemy of the treaties (17.12.2014)

Digital Rights Ireland Case v. Minister for Communications case (Joined Cases C-293/12 and C-594/12)

Update on the status of data retention laws in Europe (28.07.2015)

Data retention: Commission takes Germany to Court requesting that fines be imposed (31.05.2015)

Access Info Europe document request: Infringement proceedings Data Retention Directive (2006/24/) (18.11.2012)

Court of Justice of the European Union in the 2014 Digital Rights Ireland case (Joined Cases C-293/12 and C-594/12), para. 53

(Contribution by Diego Naranjo, EDRi)