freedom of expression

Freedom of expression is one of the key benefits of the digial era. The global information society permits interaction on a scale that was previously unheard of – promoting intercultural exchange and democracy. Consequently, the protection of this freedom is central to much of EDRi’s work.

23 May 2019

Captured states – e-Privacy Regulation victim of a “lobby onslaught”

By Chloé Berthélémy

Compared to non-governmental organisations and trade unions, private corporations are far better equipped to influence European level decision-making. A report “Captured states: when EU governments are a channel for corporate interests” by Corporate Europe Observatory’s (CEO) describes the various ways corporations approach the Member States of the European Union to maximise their impact.

When adopting EU’s laws and policies, Member States are key actors, along with the European Parliament and the Commission. Thus, lobbyists representing private corporations consider Member States as primary targets to influence the decisions at the European level in favour of their interests. The CEO report exemplifies how national governments become channels for corporate interests by relating numerous lobbying successes, including the e-Privacy Regulation (pdf).

The report maps out the various channels and decision-making fora that the EU, national-level trade associations, and multinational corporations target to push for their private interests. This includes the European Council, the rotating presidencies of the Council of the EU, the EU technical and scientific committees, and officials working at the permanent representations of Member States. Corporate lobbies also use the services of Brussels-based lobby consultancy firms to receive advice and to multiply lobby opportunities and accesses. As a result, and in comparison to the influence of NGOs, Corporate Europe Observatory finds a massive asymmetry in terms of lobbying capacity and resources.

ePrivacy Regulation – a case story of “corporate hyperbole”

As the case of the e-Privacy Regulation proposal outlines, the deeply problematic issue of corporate capture also threatens citizens’ fundamental rights in the digital sphere. Regulating the use of personal data by advertisers, publishers, and social media platforms, the proposal has been the victim of “a veritable lobby onslaught” by corporate lobbies with an interest in Big Data. An official following the e-Privacy file said that “99 per cent of the lobbying” had been from industry. These lobbying efforts have been so far successful in delaying negotiations and the adoption of the update of the only piece of privacy legislation in place in the EU. As a result of this pressure from private interests, the proposal is stalled by Member States, and EU citizens do not enjoy the full protection of their private communications online.

The report focuses on the German position and reveals the imbalance of representation in meetings with German officials between NGOs and industry lobbyists such as the publishing corporation Axel Springer, Deutsche Telekom, Facebook, and Google. The German government has been keen on defending its key telecom operator Deutsche Telekom’s demands, in particular asking for the processing of personal data on a pseudonymous basis and without consent.

Countering corporate influence and saving democracy

The report lays down primary ideas to reduce the impact of corporate lobbying on European legislative outcomes. These include:

  • Adopting national rules to prevent privileged access for corporate lobbies and to promote full lobby transparency.
  • Strengthening national parliamentary pre-decision scrutiny and post-decision accountability on government decision-making at EU level.
  • Reforms of the ways of working of the Council of Ministers, the European Council and the European Commission’s committees and expert groups to solve the democratic deficit.
  • Introducing new models of participation for citizens, such as participatory hearings on upcoming pieces of EU legislation, and improving and increasing key online consultations.

In addition to these issues raised by CEO, EDRi has repeatedly voiced criticism with regards to the transparency of trilogues – which are informal, non-democratic and non-transparent negotiations to fast-track adoption of legislation – and transparency of the Council of the EU, whose “confidential documents” are difficult to access, and whose working parties discussions are still taking advantage of significant opacity.

Without greater transparency and fairness of the process, civil society work will remain difficult, and corporate interests will continue to reign over public interests.

Infographics: Corporate lobbying & EU Member States
https://edri.org/files/Corporate-lobbying_EU-MS_web.pdf

Council continues limbo dance with the ePrivacy standards (24.10.2018) https://edri.org/council-continues-limbo-dance-with-the-eprivacy-standards/

How the online tracking industry “informs” policy makers (12.09.2018) https://edri.org/how-the-online-tracking-industry-informs-policy-makers/

European Ombudsman shares EDRi’s concerns on Council transparency (21.02.2018) https://edri.org/european-ombudsman-shares-edris-concerns-on-council-transparency/

EDRi’s response to the European Ombudsman consultation on transparency of legislative work within Council preparatory bodies (20.12.2017) https://edri.org/files/consultations/euombudsman_counciltransparency_20171212.pdf

(Contribution by Chloé Berthélémy, EDRi)

Twitter_tweet_and_follow_banner
close
22 May 2019

EDRi is looking for a new Head of Policy

By EDRi

European Digital Rights (EDRi) is an international not-for-profit association of 42 digital human rights organisations. We defend and promote rights and freedoms in the digital environment, such as the right to privacy, personal data protection, freedom of expression, and access to information.

EDRi is looking for an experienced, strategic and dedicated Head of Policy to join EDRi’s team in Brussels. This is a unique opportunity to be part of the growth of a well-respected network of NGOs making a tangible difference in the defence and promotion of online rights and freedoms in Europe and beyond. This is a full-time, permanent position. The deadline to apply has been extended until 16 June 2019.

The Head of Policy will provide strategic leadership to EDRi Policy Team and designs policy and advocacy strategies in line with EDRi’s Strategic objectives and in consultation with member organisations. S/he is expected to bring a strategic vision on human rights in the digital environment as well as solid experience on human rights advocacy and digital rights. The successful candidate will have a strong track record in policy development and strategic planning in addition to an excellent understanding of working in the EU or national policy/advocacy environment.

We are an equal opportunities employer with a strong commitment to transparency and inclusion. We strive to have a diverse and inclusive working environment. We encourage individual members of groups at risk of racism or other forms of discrimination to apply for this post.

Job title: Head of Policy
Reports to: Executive Director
Location: EDRi Office, Brussels, Belgium
Line management: The Head of Policy leads the advocacy effort of the Policy Team (4 persons) while the team is line managed by the Executive Director. The Head of Policy will participate in the Policy staff members’ appraisal and objective setting meetings. With the future growth of the organisation, and in consultation with employees, the position can include line management responsibilities.

RESPONSIBILITIES:

As Head of Policy, your main tasks will be to:

  • Advocate for the protection of digital rights, such as in the areas of data protection, privacy, freedom of expression, platform regulation, surveillance and law enforcement, telecommunications and digital trade;
  • Contribute to and evaluate progress towards EDRi policy strategic outcomes and develop activities in response to the external environment and in partnership with the team, members and the Board;
  • Provide the Policy Team with strategic advice and lead on advocacy strategies, including by coordinating, designing, and executing policy strategies and workplans in line with EDRi overall strategic objectives;
  • Draft and oversee the production of all policy documents, such as briefings, position papers, amendments, advocacy one-pagers, letters, blogposts, and EDRi-gram articles;
  • Support and work closely with EDRi colleagues including policy, communications, and campaigns – ensuring smooth working relations between the Policy Team and other teams – and report to the Executive Director;
  • Coordinate and collaborate with EDRi members on relevant legislative processes in the EU, including coordinating working groups, developing policy positions and campaign messages;
  • Collaborate with the EDRi team to communicate to the public about relevant legislative processes and EDRi’s activities;
  • Provide policy-makers with expert, timely, and accurate input and organise and participate in expert meetings;
  • Develop and strengthen relationships with civil society partners, EU institutions, government and institutional officials, academics and industry representatives working on related issues;
  • Represent – when relevant and in collaboration with the Executive Director and the Policy Team – the organisation as a spokesperson at public events, meetings and to the media.

QUALIFICATIONS AND EXPERIENCE:

  • Passionate about digital rights and enthusiasm to work within a small team to make a big difference;
  • Minimum 6 years of relevant experience in a similar role;
  • A university degree in law, EU affairs, policy, human rights or related field or equivalent experience;
  • Demonstrable knowledge of, and interest in human rights, in particular privacy, net neutrality, digital trade, surveillance and law enforcement, freedom of expression, as well as other internet policy issues;
  • Knowledge and understanding of the EU, its institutions and its role in digital rights policies;
  • Experience in leading advocacy efforts and creating networks of influence;
  • Exceptional written and oral communications skills;
  • Technical IT skills and knowledge of free and open source operating systems and software are a plus;
  • Strong multitasking abilities and ability to manage multiple deadlines;
  • Experience of working with and in small teams;
  • Experience of organising events and/or workshops;
  • Ability to work in English. Other European languages an advantage.

How to apply:

To apply, please send a maximum one-page cover letter and a maximum two-page CV in English and in .pdf format to applications(at)edri.org by 16 June 2019.

Please note that only shortlisted candidates will be contacted.

close
22 May 2019

Hey Google, where does the path lead?

By Bits of Freedom

If you do not know the directions to a certain place, you use a digital device to find your way. With our noses glued to the screen, we blindly follow the instructions of Google Maps, or its competitor. But do you know which way you are being led?

Mobility is a social issue

Mobility is an ongoing debate in the Netherlands. Amsterdam is at a loss on how to deal with the large cars on the narrow canals, and smaller municipalities such as Hoogeveen is constructing a beltway to offset the Hollandscheveld area. Governors want to direct the traffic on the roads and as a result, they deliberately send us either right or left.

If all is well, all societal interest are weighed in on that decision. If one finds that the fragile village centre should be offset, the road signs in the berm direct the drivers around it. If the local authorities want to prevent cars from rushing past an elementary school, the cars are being routed through a different path.

Being led by commercial interests

However, we are not only being led by societal interests. More and more, we use navigation systems to move from place A to place B. Those systems are being developed by an increasingly smaller group of companies, of which Google seems to be the frontrunner. Nowadays, hardly anyone navigates using a map and the traffic signs on the side of the road. We only listen to the instructions from the computer on the dashboard.

In this way, a commercial enterprise determines which route we take – and it has other interests than the local authorities. It wants to service its customers in the best possible way. But who are these customers? For some companies, that’s the road users, but for others – often those where the navigation is free for the users – the customers that really matter are the invisible advertisers.

Too much of a short cut

And even that is too limited of course. Because which consideration the developer of the navigation system really takes is rarely transparent. When asking Google for a route from the Westerpark to the Oosterpark in Amsterdam, it leads you around the canal belt, instead of through it. That doesn’t seem to be the shortest route for someone on a bicycle.

Why would that be? Maybe Google’s algorithm is optimised for the straight street patterns of San Francisco and it’s unable to work with the erratic nature of the Amsterdam canals. Maybe it’s the fastest route available. Or maybe it’s a very conscious design choice so that the step-by-step description of the route does not become too long. Another possibility is that the residents of the canal belt are sick of the daily flood of cycling tourists and have asked Google, or maybe paid for it, to keep the tourists out of the canal belt. We simply don’t know.

Being misled

Incidentally, the latter-mentioned reason is less far-fetched than you would think at first. When you are in Los Angeles, you can’t miss the letters of the Hollywood Sign. A lot of tourists want to take a picture with it. Those living on the hill underneath the monumental letters are sick of it. They have, sometimes illegally, placed signs on the side of the road that state that the huge letters are not accessible through their street.

With the rise of digital maps that action became less and less successful. Pressurised by a municipal councillor, Google and Garmin, a tech company specialising in GPS technology, adjusted their maps so that tourists are not being led to the actual letters, but to a vantage point with a view of the letters. Both mapmakers changed their service under pressure of an effectively lobbied councillor.

Serving a different interest

It’s very rarely transparent which interests companies are taking into consideration. We don’t know which decisions those companies take and on which underlying data and rules they are based. We don’t know by whom they are being influenced. We can easily assume that the interests of such companies are not always compatible with public interests. This has a major impact on the local situation. If a company like Google listens to retailers, but not residents, the latter will be disadvantaged. The number of cars in and around the shopping streets is growing – which sucks, if you happen to live there. And even more so, if the local authorities do try to route the cars differently.

Again, this is another good example of how the designer of a technology impacts the freedom of the user of the technology. It also impacts society as a whole: we lose the autonomy to shape our living environment with a locally elected administration.

Moreover, this story is not only about the calculated route, but also about the entire interface of the software. The Belgian scientist Tias Guns described that very aptly: “There is, for example, an option to avoid highways, but an option to avoid local roads is not included.” As a driver, try and spare the local neighbourhood then.

The platform as a “dead end”

Adding to that – ironically – is that the major platforms are not always reachable. Where do you have to turn to if you want Google Maps to route less traffic through your street? Or, actually more, if you are a retailer? On a local level, this is different. There is a counter at the city hall where you can go, and there is a city council where you can put traffic problems on the agenda. This, by itself, is already very difficult to coordinate. The Chief Technology Officer of the city Amsterdam recently told in an interview about the use of artificial intelligence in the local authority:

“In some areas, residents have a larger capability to complain. Think of the city centre or the ‘Oud-Zuid’ area both more affluent areas and home to a large number of lawyers. It’s general knowledge that in those areas a complaint is made far easier than, for example, the less affluent area of Amsterdam “Noord”. This is not difficult for trained operators. They can handle experienced grumblers, and can judge for themselves whether the complaint is valid. A computer can not.”

Another issue is that some digital mapmakers are so large – and will continue to grow – that they can afford to listen selectively.

Who determines the path?

So, who decides how our public space is being used? Is that a local city council or a commercial enterprise? This makes quite a difference. In the first case, citizens can participate, decisions are made democratically, and there is a certain amount of transparency. In the second case, you have no information on why you were led left or right, or why shopping streets have become desolate overnight. Most likely the rule is: whoever pays, gets to decide. The growing power of commercial enterprises in the issue of mobility is threatening to put local administrations – and with that us, the citizens and small companies – out of play.

Bits of Freedom
https://www.bitsoffreedom.nl/

Hey Google, which way are we being led? (15.05.2019)
https://www.bitsoffreedom.nl/2019/05/15/hey-google-which-way-we-being-led/

Hey Google, which way are we being led? (in Dutch, 15.05.2019)
https://www.bitsoffreedom.nl/2019/04/15/hey-google-waarheen-leidt-de-weg/

Why people keep trying to erase the Hollywood sign from Google Maps (21.11.2014)
https://gizmodo.com/why-people-keep-trying-to-erase-the-hollywood-sign-from-1658084644

(Contribution by Rejo Zenger, EDRi member Bits of Freedom, the Netherlands; translation from Dutch to English by Bits of Freedom volunteers Alex Leering and Amber Balhuizen)

close
22 May 2019

Passenger surveillance brought before courts in Germany and Austria

By Gesellschaft für Freiheitsrechte

EDRi members Gesellschaft für Freiheitsrechte (GFF, Society for Civil Rights) and Epicenter.works have taken legal action against the mass retention and processing of Passenger Name Records (PNR) before German and Austrian courts and authorities. The European PNR Directive (Directive 2016/681) requires airlines to automatically transfer their passengers’ data to state authorities. There, the data are stored and automatically compared with pre-determined “criteria” that describe, for example, the flight behavior of known criminals. The data will also be distributed to other authorities and even non-EU member countries.

The EU Member States have been, since May 2018, obliged by the European PNR Directive to have adopted legislation for the retention of passenger data from airlines. For each passenger who takes a flight, a record is created. It contains at least 19 data items, including data such as the date of birth, details of accompanying persons, payment information, and the IP address used for online check-in. Together with information on the flight time and duration, booking class and baggage details, PNR data provides a detailed picture of the trip and the passenger.

PNR data is stored centrally at the respective Passenger Information Unit (PIU). These PIUs are usually located at national police authorities. The data can then be accessed by numerous other authorities and even transmitted to other countries. In addition, an automated comparison of the data records with pre-determined “criteria” is conducted.

This is a way of identifying new suspects in the mass of previously unsuspicious passengers – and a new level of dragnet action by collecting data from all citizens to “catch a few fish”. Thus, each individual, whether previously suspected of a crime or not, can thus be subjected to stigmatising investigations, just for coincidentally having similar flight patterns to past offenders.

GFF and epicenter.works argue that the PNR Directive in its current form violates the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), as well as the right to the protection of personal data (Article 8). The Court of Justice of the European Union (CJEU) already took a similar view in its 2017 Opinion on the draft PNR agreement between the EU and Canada.

Since it isn’t possible to appeal the case against the PNR Directive directly before the CJEU, GFF and epicenter.works have brought legal actions before courts and authorities, civil and administrative courts, as well as the data protection authorities (DPAs) in Germany and Austria. The complaints lodged argue that the storage and processing of data by the police authorities violates the Charter of Fundamental Rights. Due to the case’s evident implications of EU law and the CJEU’s aforementioned opinion, it is expected that national courts will eventually refer the question to the CJEU.

The basic funding for the project is provided by the Digital Freedom Fund.

Gesellschaft für Freiheitsrechte (GFF, Society for Civil Rights)
https://freiheitsrechte.org/english/

Epicenter.works
https://epicenter.works

No PNR campaign
https://nopnr.eu

Directive 2016/681 (PNR Directive)
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L0681&from=DE

CJEU Opinion on the Draft PNR agreement between Canada and the European Union
http://curia.europa.eu/juris/document/document.jsf?docid=193216&text=&dir=&doclang=EN&part=1&occ=first&mode=DOC&pageIndex=0&cid=7992604

(Contribution by EDRi member Gesellschaft für Freiheitsrechte, Germany)

close
22 May 2019

Google-Huawei case highlights the importance of free software

By Free Software Foundation Europe - FSFE

Google denies the Chinese IT giant Huawei access to Google’s proprietary components of the Android mobile operating system, which threatens IT security. This highlights the importance of free software for technology users, public bodies, and businesses.

Following the US administration’s decision to effectively ban American companies from doing trade with the Chinese company Huawei, Google suspended all business with the company. This affects all software which is not covered under free software licences. In practice, Huawei’s upcoming and potentially also current phones will no longer get support and updates for the Android operating system. They will also not have access to the proprietary Google apps and services like Gmail and Google Play. Especially the latter will put Huawei users at risk, because without access to the default app store on most Android phones they will miss important security updates for the apps installed through it.

Google offers only a base version of Android under a free software licence, but bundles it together with proprietary apps and services. The non-free components of most stock Android devices have numerous downsides for users, as EDRi member Free Software Foundation Europe (FSFE) has documented since 2012. The current case demonstrates that even tech giants like Huawei face similar dependencies and vendor lock-in effects as any individual users if they rely on proprietary software.

The following lessons can be drawn from this case:

  1. Users should favour free software operating systems and applications on their computing devices. With proprietary software, they are on the receiving end only, and vendors may deny them access to crucial security updates. Free software enables control of technology, and the more important that technology becomes in our daily lives, the more relevant free software becomes for users. For Android, the FSFE helps users to regain more control with its Free Your Android initiative.
  2. Governments and especially the European Union should invest more resources in free software to gain independence from large enterprises and other states. The current case highlights the lack of influence the EU has on outside technology providers. Instead of waiting for a future European IT monopolist to enter the stage, the EU and its members states should invest in free software development and focus on supporting local free software organisations as well as businesses. This would effectively foster the inner-European market and enable independence for European citizens and the EU economy. This step is essential for avoiding exposing European infrastructure to shutdowns controlled by external factors.
  3. Companies should use as much free software as possible in their supply chains. Proprietary software makes a company dependent on its vendor and this vendor’s government. The current case shows that the US was able to force Google to stop delivery of its proprietary products – but could not stop delivery of the free software components of Android. Had Huawei invested more resources in free software apps and services, the US strategy would not have hit them as hard. Although the current events are linked to the scrutiny the Chinese company is under right now, it is obvious that this could happen to any other company based in any other country as well.

The earlier allegations against Huawei already showed that code for all critical infrastructure should be published under a free software licence. The latest episode of the Huawei affair illustrates that the same applies to apps and services. Just days before the European elections, this should be a wake-up call for the next constituent Parliament to ask the European Commission for European Directives that foster independence of European technical infrastructure and that build on free software, starting with the demand to release publicly funded software as public code.

Free Software Foundation Europe (FSFE)
https://fsfe.org/

Three conclusions to draw from Google denying Huawei access to software (20.05.2019)
https://fsfe.org/news/2019/news-20190520-01.en.html

Free Your Android!
https://freeyourandroid.org

Public Money, Public Code
https://publiccode.eu

Huawei case demonstrates importance of Free Software for security (05.02.2019)
https://fsfe.org/news/2019/news-20190205-01.en.html

(Contribution by EDRi member Free Software Foundation Europe – FSFE, Europe)

close
22 May 2019

ePrivacy: Private data retention through the back door

By Digitalcourage

Blanket data retention has been prohibited in several court decisions by the European Court of Justice (ECJ) and the German Federal Constitutional Court (BVerfG). In spite of this, some of the EU Member States want to reintroduce it for the use by law enforcement authorities – through a back door in the ePrivacy Regulation.

The ePrivacy Regulation

The ePrivacy Regulation, which is currently under negotiation, is aimed at ensuring privacy and confidentiality of communications in the electronic communications, by complementing and particularising the matters covered in the General Data Protection Regulation (GDPR). Confidentiality of communications is currently covered by the ePrivacy Directive dating back to 2002. A review of this piece of legislation is long overdue, but Member States keep delaying the process and therefore not updating necessary protections for online privacy in the EU.

Ever since 2017, the EU Ministers of Justice and Interior have been “deliberating” the Tele2 verdict by the European Court of Justice. The Court had declared the blanket retention of telecommunications metadata inadmissible. Yet the EU Member States are unwilling to accept this ruling. During an informal discussion in Valetta on 26 and 27 January 2017, the Justice and Interior Ministers expressed their wish for “a common reflection process at EU level on data retention in light of the recent judgments of the Court of Justice of the European Union” (Ref. EU Council 6713/17) to implement EU-wide data retention. This process was set in motion in March 2019 by the Presidency of the Council of the European Union. A sub-group of the Council’s Working Party on Information Exchange and Data Protection (DAPIX) was put in charge. From the very beginning, this reflection process has mainly served the purpose of finding opportunities to implement yet another instance of data retention on the EU level. This has been proven by documents published by EDRi member Statewatch.

Instead of complying with the clear rulings by the European Court of Justice (Tele 2 and Digital Rights Ireland), the responsible ministers are doing everything they can to “resurrect” data retention, potentially using ePrivacy as a basis for a new era of data retention. In a working document (WK 11127/17), the Presidency of the EU Council in 2017 concluded in addition to a specific data retention legislation it would be desirable to also collect citizens’ communications data (metadata) in ePrivacy to avoid so companies can use it for commercial purposes. The logic behind being, probably, to circumvent CJEU case law by not imposing an obligation on companies but having the data available when law enforcement needs it thanks to ePrivacy.

Private data retention

In plain words, this means: If the courts will not allow mass data retention, service providers will simply be given incentives to do so by their own choice. That is why the ePrivacy Regulation is being watered down by Member States in order to give the service providers manifold permissions to store data for a wide variety of reasons (see Article 6 of the draft ePrivacy Regulation). Those responsible are relying on the assumption that the providers’ appetite for data will be sufficient even without an explicit obligation to retain data.

The immediate problem with this type of private data retention is the fact that it weakens the protection of all users’ personal data against data hungry corporations whose main interest is making profit. What’s even worse is that, once again, a governmental function is being outsourced to private corporations. These corporations are not subject to democratic scrutiny, and they are given ever more power over the countries concerned.

In Germany, the hurdles for criminal investigators to get access to data are already very low. The e-mail provider Posteo, for example, had to pay a fine because they were unable to provide the criminal investigators the IP addresses from which a certain e-mail account had been accessed. Posteo simply hadn’t stored those data; they were erased as soon as they were received. The Court declared the fine to be justified. This decision could easily lead to a situation where private companies prefer to err on the side of caution and store even more data, just to avoid such fines.

The draft ePrivacy Regulation as proposed by the European Commission in 2017 placed relatively strict duties on service providers regarding data protection. For example, they were obliged to either erase or anonymise all data that was no longer needed. This is diametrically opposed to the goal of private data retention, and the DAPIX task force noticed it, too. As the Presidency of the EU Council statedservice providers will be given the freedom to use and store data in order to prevent “fraudulent use or abuse”. And these data could then be picked up by law enforcement doing criminal investigation.

No data retention through the back door!

EDRi member Digitalcourage wanted to know how the German government argued with respect to the data retention issue, and submitted a request for the disclosure of documents related to it. Unfortunately, the request was largely denied by the Council of the European Union, long after the legal deadline was missed. The secretariat declared that a disclosure would be a threat to public safety – the risk to the relationship of trust between the Member States and Eurojust, the EU agency dealing with judicial co-operation in criminal matters among agencies of the Member States, would be too severe. Furthermore, such a disclosure would threaten ongoing criminal investigation or judicial procedures. No further details were given. Digitalcourage lodged an appeal against this dismissal, but in addition to being asked for patience, they haven’t received an answer from the European Commission. Several requests pursuant to the Freedom of Information Act have also been submitted to German ministries.

It is unbelievable to imagine policy makers contemplating existing and potential new surveillance laws that would clearly be illegal. However, this is exacly what the DAPIX task force is doing, and they are doing it behind closed doors. The changes they propose can be found in the current draft ePrivacy Regulation. Digitalcourage will continue to request documents from the EU and the German government. As soon as the trilogue negotiations between EU Council, Commission and Parliament begin, the concerns will be voiced our concerns and a demand: No data retention through the back door!

This article was first published at https://digitalcourage.de/blog/2019/eprivacy-private-data-retention-through-the-back-door

Digitalcourage
https://digitalcourage.de/en

ePrivacy: Private data retention through the back door (in German, 18.04.2019)
https://digitalcourage.de/blog/2019/eprivacy-private-vorratsdatenspeicherung-durch-hintertuer

(Contribution by EDRi member Digitalcourage, Germany)

close
22 May 2019

Christchurch call − pseudo-counter-terrorism at the cost of human rights?

By Claire Fernandez

The Prime Minister of New Zealand Jacinda Arden showed compassionate and empathetic leadership in her response to the Christchurch terrorist attack on a mosque in her country on 15 March 2019. On 16 May in Paris, Arden and the French President Emmanuel Macron co-launched the Christchurch Call to Action to Eliminate Terrorist and Violent Extremist Content Online.

The day before, EDRi joined a meeting the New Zealand government held with civil society and academics. The purpose of the meeting was to present the call and to hear recommendations moving forward on the call implementation and joint work to combat terrorism and white supremacy.

While the approach of the New Zealand government is sensible, and the final text of the call to action does include human rights safeguards for a free and open internet, the initiative is naïve as it relies on questionable companies and governments’ practices, inefficient in combatting terrorism, and opens the door to serious human rights breaches.

A “sacrificed process”

In the words of Arden herself, civil society consultations were “sacrificed” to allow for a swift process and for the call to be launched, on the occasion of the Tech for Good conference and the G7 Digital Ministers meeting. NGOs and other stakeholders such as journalists, academics and the technical community did not get a chance to submit contributions before the finalisation of the call. The rushed timeline was an obstacle to any meaningful participation in the process. The lack of anti-racism organisations or organisations from the Global South in the consultative meeting in Paris is a major gap for an initiative purporting to address “violent extremism” globally.

Failure to address social media business model

The call to action refrains from criticising and questioning the business model of Google, Amazon, Facebook, and Apple in order to get them to sign the initiative. However, as long as profit is made mainly from behavioural advertising revenue which increases by showing polarising, violent or illegal content, the entire system will continue to promote such content and lead people to share it. Human nature and all of its addictions are encouraged and amplified by opaque artificial intelligence.

Human rights concerns

As state authorities are unable to call out the big tech for larger issues, the Christchurch call places emphasis on content removal and filtering of broadly and ill-defined content. “Terrorist and violent extremist” content can be left to the appreciation of law enforcement authorities and companies, which opens risks of arbitrariness against legitimate dissent from groups at risk of racism, human rights defenders, civil society organisations or political activists. Solutions such as upload filters or rapid removals of content can be turned into censorship and are error-prone, as the European Commission acknowledges, by stating that “biases and inherent errors and discrimination can lead to erroneous decisions”. Invaluable and unique evidence of human rights abuses committed by groups or governments can also disappear, as examples from the war in Syria show. UN Special Rapporteur on human rights and counter-terrorism estimates that around 67% of people affected by counter-terrorism or security policies are human rights defenders.

Handing over policing powers and regulating freedom of expression to the private sector, with no accountability or possibility of redress, is highly problematic for the rule of law. Companies’ terms of services do not replace laws when it comes to assessing what is legal and what is not. In addition to this problem, there should be redress mechanisms to review whether in fact only illegal terrorist content has been removed − otherwise human rights will be at risk in countries that do not have the same respect for the rule of law than New Zealand.

Algorithms used to prevent uploading or delete content are not transparent, and do not allow for accountability or redress mechanisms. Therefore unaccountable removal of content and incentives for over-removal of content must be explicitly rejected. Likewise, law enforcement authorities must be held accountable by being obliged to submit transparency reports regarding the requests to remove content, including the number of investigations and criminal cases opened as a result of these requests. There are many initiatives addressing the broad range of “harmful online content” such as the upcoming G7 Biarritz Summit, France and the UK’s online harms/platform duties proposals and the EU Regulation on Terrorist Content Online. The overall impact of initiatives that risk limiting freedom of expression needs to be evaluated based on evidence. This is currently not the case.

Broader societal efforts are needed to effectively combat terrorism – online and offline. These include education, social inclusion, questioning the impact of austerity, accountability for politicians using hate speech and stigmatising rhetoric, and real community involvement.

What the YouTube and Facebook statistics aren’t telling us (24.04.219)
https://edri.org/what-the-youtube-and-facebook-statistics-arent-telling-us/

Commission working document – Impact assessment accompanying the Proposal for a Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online (12.09.2018)
https://ec.europa.eu/commission/sites/beta-political/files/soteu2018-preventing-terrorist-content-online-swd-408_en.pdf

Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism on the role of measures to address terrorism and violent extremism on closing civic space and violating the rights of civil society actors and human rights defenders (18.02.2019)
https://www.ohchr.org/Documents/Issues/Terrorism/SR/A_HRC_40_52_EN.pdf

(Contribution by Claire Fernandez, EDRi)

close
22 May 2019

Why should we vote in the EU elections?

By EDRi

What are your plans for the coming days? We have a suggestion: The European elections will take place – and it’s absolutely crucial to go and vote!

In the past, the EU has often defended our digital rights and freedoms. This was possible because the Members of the European Parliament (MEPs) – who we, the EU citizens, elected to represent us in the EU decision-making – are open to hearing our concerns.

So, what exactly has the EU done for our digital rights?

Privacy

The EU has possibly the best protection for citizens’ personal data: the General Data Protection Regulation (GDPR). This law was adopted thanks to some very dedicated European parliamentarians, and it enhances everyone’s rights, regardless of nationality, gender, economic status and so on. Since the GDPR came into effect, we now have for example the right to access our personal data a company or an organisation holds on us, the right to explanation and human intervention regarding automated decisions, and the right to object to profiling measures.

You can read more about your rights under the GDPR here: https://edri.org/a-guide-individuals-rights-under-gdpr/

Net neutrality

Europe has become a global standard-setter in the defence of the open, competitive and neutral internet. After a very long battle, and with the support of half a million people that responded to a public consultation, the principles that make the internet an open platform for change, freedom, and prosperity are upheld in the EU.

In June 2015, negotiations between the three European Union institutions led to new rules to safeguard net neutrality – the principle according to which everyone can communicate with everyone on the internet without discrimination. This principle was put at risk by the ambiguous, unbalanced EU Commission proposal, which would have undermined the way in which the internet functions. In 2016, the Body of European Regulators for Electronic Communications (BEREC) was tasked with publishing guidelines to provide a common approach to implementing the Regulation in the EU Member States. In June 2016, BEREC published the draft guidelines that confirm strong protections for net neutrality and open internet.

ACTA

In 2012, the MEPs voted against an international trade agreement called the Anti-Counterfeiting Trade Agreement (ACTA), which, if concluded, would have likely resulted in online censorship. It would have had major implications for freedom of expression, access to culture and privacy, it will harm international trade and stifle innovation. Therefore, people decided to demonstrate and there were protests against this draft agreement in over 200 European cities calling for a rejection. In the end, the Parliament listened to the concerns of the people and voted against ACTA.

Protecting whisteblowers

Whistleblowers fight for transparency, democracy and the rule of law, reporting unlawful or improper conduct that undermine the public interest and our rights and freedoms. In 2017, the European Parliament called on legislation to protect whistleblowers, making a clear statement recognising the essential role of whistleblowers in our society. This Resolution started the process of putting into place effective protections for whistleblowers throughout the EU. In April 2019, the Parliament adopted the new Directive, which is still to be approved by the EU Council.

Your vote matters for digital rights

In many occasions, the EU Parliamentarians have stood for our rights and freedoms. It’s important that also the new EU Parliament will be a strong defender of our digital rights – because there are so many important fights coming up.

The European elections are one of the rare occasions where we can take our future and the future of Europe into our own hands. Your vote matters. Please go and vote for digital rights on 23-27 May!

You can find more information about the elections online, for example at https://www.european-elections.eu, https://www.thistimeimvoting.eu/ and https://www.howtovote.eu/.

close
22 May 2019

Facebook lies to Dutch Parliament about election manipulation

By Bits of Freedom

On 15 May 2019, Facebook’s Head of Public Policy for the Netherlands spoke at a round table in the House of Representatives about data and democracy. The Facebook employee reassured members of parliament that Facebook has implemented measures to prevent election manipulation. He stated: “You can now only advertise political messages in a country, if you’re a resident of that country.” Nothing seems to be further from the truth.

Dutch EDRi member Bits of Freedom wanted to know if it were possible to target Dutch voters from a foreign country, using the type of post and method of advertising that were employed in, among others, the “Leave” campaign in the UK. From Germany, they logged in to a German Facebook account, created a new page, and uploaded a well-known Dutch political meme. They then paid to have it shown to Dutch voters and settled the bill using a German bank account. Contrary to what Facebook led members of parliament to believe, there was nothing that stood in their way of doing so.

The other way around was just as easy. Facebook failed to stop Bits of Freedom from targeting German voters interested in German political parties Christian Democratic Union of Germany (CDU) and Alternative for Germany (AfD) with a CDU/AfD meme, even though they were using a Dutch Facebook account, had signed in from the Netherlands, and payed for the ad with a Dutch bank account. Better yet, Facebook suggested to add to their demographic, people with the additional interests “nationalism” and “military”. Thanks, Facebook!

We’re not dealing with a company that occasionally messes up. Facebook has time and time again exhibited a complete disregard for our democracy, freedom of expression, and privacy. Therefore, Bits of Freedom called on the House of Representatives to take action. On 20 May, on the Dutch current affairs television program “Nieuwsuur”, Labour Party (PvdA) leader Lodewijk Asscher responded: “Facebook promises to do better, and time and time again their promises prove worthless. Facebook says all the right things but in reality is a threat to democracy.” Liberal MP Kees Verhoeven (D66) added: “As far as I’m concerned, now is the time we stop relying on self-regulation and trusting companies’ promises, and start regulating.”

This article was first published at https://www.bitsoffreedom.nl/2019/05/21/facebook-lies-to-dutch-parliament-about-election-manipulation/

Bits of Freedom
https://www.bitsoffreedom.nl/

Nieuwsuur: Facebook lies about political advertising (20.05.2019)
https://www.npostart.nl/nieuwsuur/20-05-2019/VPWON_1297109

Bits of Freedom
https://www.bitsoffreedom.nl/

Nieuwsuur: Facebook lies about political advertising (only in Dutch, 20.05.2019)
https://www.npostart.nl/nieuwsuur/20-05-2019/VPWON_1297109

Steps you can take to minimise the political ads you see online (19.05.2019)
https://privacyinternational.org/long-read/2913/steps-you-can-take-minimise-political-ads-you-see-online

(Contribution by Evelyn Austin, EDRi member Bits of Freedom, the Netherlands)

close
20 May 2019

NGOs call to ensure fundamental rights in copyright implementation

By EDRi

Today, on 20 May 2019, EDRi and 41 other organisations sent an open letter to the European Commission. The letter is calling for the inclusion of civil society in the implementation process of the newly adopted Copyright Directive through the upcoming stakeholder dialogue.

The stakeholder dialogue is a consultation process mandated by the Copyright Directive. It will serve as an opportunity for relevant stakeholders to discuss the transposition and implementation of the infamous Article 13 (Article 17 in the final text) of the Copyright Directive.

The signatories of the letter have on numerous occasions throughout the legislative debate on the copyright reform expressed their explicit concerns about the fundamental rights questions that will arise during the implementation of the Directive.

The letter highlights that the participation of organisations representing internet users in the consultation process is crucial for ensuring that fundamental rights are properly considered, especially in cases where the Directive requires internet platforms to disable access to or remove user-uploaded content. A diverse working group can ensure that the fears around automated upload filters are not realised. It can assist in creating guidelines under which both content-sharing service providers and rightsholders respect the Charter of Fundamental Rights of the European Union.

You can read the letter below, or download it here (pdf).


20 May 2019

Dear President Juncker,
Dear First Vice-President Timmermans,
Dear Vice-President Ansip,
Dear Commissioner Gabriel,
Dear Director General Roberto Viola,

The undersigned stakeholders represent fundamental rights organizations, the knowledge community (in particular libraries), free and open source software developers, and communities from across the European Union.

The new Directive on Copyright in the Digital Single Market has been adopted and, as soon as it is published in the Official Journal, Member States will have two years to implement the new rules. Article 17, on ‘certain uses of protected content by online services’, foresees that the European Commission will issue guidance on the application of this Article.

The undersigned organisations have, on numerous occasions throughout the legislative debate on the copyright reform, expressed their very explicit concerns (1) about the fundamental and human rights questions that will appear in the implementation of the obligations laid down on online content-sharing service providers by Article 17. These concerns have also been shared by a wide variety of other stakeholders, the broad academic community of intellectual property scholars, as well as Members of the European Parliament and individual Member States. (2)

We consider that, in order to mitigate these concerns, it is of utmost importance that the European Commission and Member States engage in a constructive transposition and implementation to ensure that the fears around automated upload filters are not realized.

We believe that the stakeholder dialogues and consultation process foreseen in Article 17(10) to provide input on the drafting of guidance around the implementation of this Article should be as inclusive as possible. The undersigned organisations represent consumers and work to enshrine fundamental rights into EU law and national-level legislation.

These organisations are stakeholders in this process, and we call upon the European Commission to ensure the participation of human rights and digital rights organisations, as well as the knowledge community (in particular libraries), free and open source software developers, and communities in all of its efforts around the transposition and implementation of Article 17. This would include the planned Working Group, as well as other stakeholder dialogues, or any other initiatives at consultation level and beyond.

Such broad and inclusive participation is crucial for ensuring that the national implementations of Article 17 and the day-to-day cooperation between online content-sharing service providers and rightholders respects the Charter of Fundamental Rights by safeguarding citizens’ and creators’ freedom of expression and information, whilst also protecting their privacy. These should be the guiding principles for a harmonized implementation of Article 17 throughout the Digital Single Market.

Yours sincerely,
Balázs Dénes
Executive Director
Civil Liberties Union for Europe (Liberties)

Association for Progressive Communications
APADOR-CH
ApTi Romania
Article 19
Associação D3 – Defesa dos Direitos Digitais
Associação Nacional para o Software Livre – Portugal
Bits of Freedom
BlueLink Foundation
Center for Media & Democracy
Centrum Cyfrowe Foundation
Civil Liberties Union for Europe
Coalizione Italiana Libertà e Diritti civili
COMMUNIA association for the Public Domain
Creative Commons
Digitalcourage
Digitale Gesellschaft e. V.
Electronic Frontier Finland
Electronic Frontiers Foundation
Elektronisk Forpost Norge
epicenter.works
European Digital Rights (EDRi)
Fitug e.v.
Hermes Center
Hivos
Homo Digitalis
Human Rights Monitoring Institute
Hungarian Civil Liberties Union
Index on Censorship
International Federation of Library Associations and Institutions (IFLA)
Irish Council for Civil Liberties
IT-Pol Denmark
La Quadrature du Net
Metamorphosis Foundation
Nederlands Juristen Comité voor de Mensenrechten (NJCM)
Open Rights Group
Peace Institute
Privacy First
Rights International Spain
Vrijschrift
Wikimedia Deutschland e. V.
Wikimedia Foundation
Xnet

1 Human rights and digital rights organisations: https://www.liberties.eu/en/news/delete-article-thirteen-open-letter/13194
2 Academics from the leading European research centres: https://www.create.ac.uk/blog/2019/03/24/the-copyright-directive-articles-11-and-13-must-go-statement-from-european-academics-in-advance-of-the-plenary-vote-on-26-march-2019/
Max Plank Institute: https://www.ip.mpg.de/fileadmin/ipmpg/content/stellungnahmen/Answers_Article_13_2017_Hilty_Mosconrev-18_9.pdf
Universities: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3054967
Researchers: https://www.southampton.ac.uk/assets/imported/transforms/content-lock/UsefulDownloads_Download/A6F51035708E4D9EA3582EE9A5CC4C36/Open%20Letter.pdf
UN special rapporteur on the promotion and protection of the right to freedom of opinion and expression: https://www.ohchr.org/Documents/Issues/Opinion/Legislation/OL-OTH-41-2018.pdf

Background

After two and a half years of inter-institutional negotiations, the European Parliament adopted the Directive on Copyright in the Digital Single Market on 26 March 2018. Rules bind the European Commission to hold stakeholder dialogues and the consultation process after the Directive is published in the Official Journal of the European Union. Member states will then have two years to implement the regulation. Regarding Article 17, a guidance on the application will be issued by the European Commission in order to help national implementation processes.

Read more

Open letter on the Copyright Directive stakeholder dialogue (20.05.2019)
https://edri.org/files/copyright/20190517-EDRI_copyright_open_letter.pdf

EU Member States give green light for copyright censorship (15.04.2019)
https://edri.org/eu-member-states-give-green-light-for-copyright-censorship/

Filters Incorporated (19.04.2019)
https://edri.org/filters-inc/

Censorship machine takes over internet (26.03.2019)
https://edri.org/censorship-machine-takes-over-eu-internet/

Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/

close