security & surveillance

While offering vast opportunities for exercising and enhancing fundamental rights, the digital environment also offers both opportunities to commit new offences and to impose new restrictions on our online rights. Measures such as filtering, blocking and untargeted surveillance are often easy to implement and extremely difficult to rectify. EDRi therefore works to ensure that all security and surveillance measures are necessary, proportionate and implemented based on solid evidence.

29 Jul 2015

French Constitutional Council approves sweeping surveillance powers

By Kirsten Fiedler

On 23 July, the French Constitutional Council approved sweeping surveillance powers for intelligence agencies. In its decision, the Council declared almost all provisions constitutional, in contradiction to vehement opposition from civil rights groups, human rights experts, academia and the online business sector. The “Loi Renseignement” (also dubbed the “French Patriot Act”) was passed by the French National Assembly on 24 June and allows intelligence agencies to tap phone and emails without judicial permission.

With regard to the scope of the law, the Council added only a few explanations in order to limit the extensive scope of grounds (the fight against collective violence and terrorism, the defence or promotion of major interests in foreign policy, economy, industry and science) that allow for surveillance by intelligence agencies.

Once the grounds are defined and duly justified, instead of a judicial approval, security officials need to request an authorisation from the newly created “National Committee for Control on Intelligence Techniques” (CNCTR). The Council ruled that the composition of the CNCTR, despite the fact that its members are appointed by political institutions, will be able to provide sufficient oversight and is thus in line with the French constitution. Unfortunately, the Council failed to provide any sort of analysis that would back up this decision.

Only last week, the United Nations Committee for Human Rights stated that the French law “grants overly broad powers for very intrusive surveillance on the basis of vast and badly defined objectives” and called on the French government to “guarantee that any interference in private life must conform to principles of legality, proportionality and necessity”.

France’s intelligence services can now deploy the list of surveillance measures, they now have the power to:

  • require internet service providers to install so-called “black boxes” to collect communications metadata directly from Internet companies, and to use algorithms to automatically flag suspect behaviour online;
  • remotely install trojan horses on personal computers to access camera, microphone and passwords;
  • deploy real-time localisation of a person, vehicle or object;
  • collect metadata via fake relay antennas for mobile phones (International Mobile Subscriber Identity, or IMSI catchers in short) to intercept traffic data and track the movement of phone users in a specific area;
  • carry out surveillance of lawyers, judges, parliamentarians and journalists.

The Council struck down only three of the law’s provisions, including one that would have allowed the services to intercept overseas communications. The problem is that other sections of the law that were not invalidated, clearly give responsibility to these services to act abroad. This is for instance the case of the new Article L. 811-2 of the Code of Homeland Security (CSI). Another provision (Article L821-6 new, CSI) that was invalidated would have allowed intelligence services to carry out surveillance without authorisation from the Prime Minister in “emergency cases” since it considered that this would be a disproportionate interference with the right to privacy. The last provision that was declared unconstitutional concerned the annual budget.

The French civil liberties group La Quadrature du Net regretted that

[t]his decision is extremely disappointing. The judges of the Constitutional Council decided to summarily dismiss the numerous arguments raised in the dozen briefs submitted to the Constitutional Council by many players in the defence of fundamental rights.

While some provisions of this law will now come directly into effect, others first need to be implemented by a series of decrees. However, La Quadrature du Net declared that it now wants to continue its fight, especially on a European level.

UN International Covenant on Civil and Political Rights report (24.07.2015)
http://tbinternet.ohchr.org/_layouts/treatybodyexternal/SessionDetails1.aspx?SessionID=899&Lang=en
http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CCPR%2fC%2fFRA%2fCO%2f5&Lang=en

EDRi-gram: French surveillance billpushed ahead despite massive criticism (22.4.2015)
https://edri.org/french-surveillance-bill-pushed-ahead-despite-massive-criticism/

Shame on France: French Constitutional Council Widely Approves Surveillance Law! (24.7.2015)
https://www.laquadrature.net/en/shame-on-france-french-constitutional-council-widely-approves-surveillance-law

The Loi Renseignement is published in the Official Journal. What now?
http://www.nextinpact.com/news/95934-la-loi-renseignement-publiee-au-journal-officiel-et-maintenant.htm

(Contribution by Kirsten Fiedler, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
29 Jul 2015

A new wave of Internet blocking in Turkey

By Guest author

On 25 July, the Turkish government ordered the blocking of 65 popular dissident and Kurdish websites and temporarily slowed down Twitter and Facebook access. This follows the government’s air attack against the Islamic State (Isis) and Kurdish forces in Syria. A few days earlier, Twitter was blocked entirely for a few hours.

On 20 July, an Isis suicide bomber killed 31 members of a youth organisation who were visiting the South Eastern town of Suruç to deliver humanitarian aid to war-torn Kobani. The Turkish government, which is increasingly under pressure for its alleged support to Isis and other al-Qaeda derivatives in Syria, reacted by attacking Isis in northern Syria. Kurdish forces, however, received an allegedly harsher attack from the Turkish government despite their ongoing fight against Isis.

The government’s change of policy is also reflected on pro-Isis websites that were blocked in mid-July. Prior to the attacks, they were allowed to operate freely within the country and had been used for recruitment and propaganda purposes.

The newly blocked websites joined the list of over 81 000 others which are compiled by engelliweb.com.

Turkey blocks Kurdish websites as Twitter and Facebook slows down (25.07.2015)
http://www.hurriyetdailynews.com/turkey-blocks-kurdish-websites-as-twitter-and-facebook-slows-down.aspx?pageID=238&nid=85917

AKP-backed ISIL group massacres at least 30 in southeastern Turkey (21.07.2015)
http://www.sendika.org/2015/07/akp-backed-isil-group-massacres-at-least-30-in-southeastern-turkey/

Turkey blocks Twitter following suicide bomb attacks (22.07.2015)
http://www.dw.com/en/turkey-blocks-twitter-following-suicide-bomb-attacks/a-18599198

Turkey sends in jets as Syria’s agony spills over every border (26.07.2015)
http://www.theguardian.com/world/2015/jul/26/isis-syria-turkey-us

Efe Kerem Sozeri on Twitter (26.07.2015):
https://twitter.com/efekerem/status/625423034954944512

Nato backs Turkey on IS as Ankara confirms attack on Kurds (29.07.2015)
https://www.irishtimes.com/news/world/europe/nato-backs-turkey-on-is-as-ankara-confirms-attack-on-kurds-1.2300050

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
29 Jul 2015

European Commission will “monitor” existing EU data retention laws

By Diego Naranjo

The European Commission (EC) told EDRi that it “will continue monitoring legislative developments at the national level” regarding the existence of data retention laws in EU Member States. The EC provided this non-committal response to the letter we sent on 2 July 2015, asking the Commission to investigate illegal data retention laws in the European Union.

EDRi, along with the Electronic Frontier Finland (EFF), the IT-Political Association of Denmark (IT-Ροl), the Open Rights Group (ORG), Panoptykon and other EDRi members, produced an analysis of a sample of existing national laws in EU Member States which requires the retention of their citizens’ personal data. Even though the Court of Justice of the European Union (CJEU) invalidated the Data Retention Directive in April 2014 in the Digital Rights Ireland Case v. Minister for Communications case (Joined Cases C-293/12 and C-594/12), there are still a number of existing and national laws in the EU which appear to be illegal in light of this ruling.

EDRi’s analysis sent to the European Commission concluded that the existing laws in at least six countries appear to be in contravention to the Charter of Fundamental Rights. The Commission, as guardian of the treaties, is legally required to do the necessary further research and ensure that Member States bring their practices into line with EU law, making use of the infringement procedures if necessary. If the Commission continues only “monitoring”, with million of EU citizens being subject to illegal data retention laws one year after the CJEU ruling, this will not be enough.

It is worth remembering that, before the Directive was struck down by the Court of Justice of the European Union, the European Commission used its powers aggressively to both threaten and apply every legal sanction available to force Member States to implement the legislation. The Commission furthermore refused a freedom of information request from Access Info Europe requesting access to relevant document from these cases.

“[T]he fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance”

– Court of Justice of the European Union in the 2014 Digital Rights Ireland case (Joined Cases C-293/12 and C-594/12), para. 37

The European Commission’s response to EDRi’s letter (28.07.2015)
edri.org/files/eudatap/Re_EC_EDRi-GDPR.pdf

EC-dr-response

European Digital Rights asks the European Commission to investigate illegal data retention laws in the EU (02.07.2015)
https://edri.org/edri-asks-european-commission-investigate-illegal-data-retention-laws/

European Parliament Legal Service Opinion on CJEU Data Retention ruling (14.01.2015)
https://edri.org/legal-service-opinion-on-cjeu-data-retention-ruling/

EDRi: Data retention: EU Commission – guardian and enemy of the treaties (17.12.2014)
https://edri.org/data-retention-eu-com-guardian-enemy/

Digital Rights Ireland Case v. Minister for Communications case (Joined Cases C-293/12 and C-594/12)
http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=334440

Update on the status of data retention laws in Europe (28.07.2015)
http://mslods.com/2015/07/28/update-on-how-the-west-is-backing-away-from-data-retention/

Data retention: Commission takes Germany to Court requesting that fines be imposed (31.05.2015)
http://europa.eu/rapid/press-release_IP-12-530_en.htm

Access Info Europe document request: Infringement proceedings Data Retention Directive (2006/24/) (18.11.2012)
http://www.asktheeu.org/en/request/infringement_proceedings_data_re

Court of Justice of the European Union in the 2014 Digital Rights Ireland case (Joined Cases C-293/12 and C-594/12), para. 53
http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=334440

(Contribution by Diego Naranjo, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
29 Jul 2015

David Wessel: “I get between three and five take down notices daily”

By Guest author

This is a translation in the 50th edition of a series hosted at rechtaufremix.org, entitled “Remixers”. The series is about people and their experiences and attitudes to remixing and the remix culture. The 50th edition went back to talk to the very first interviewee: David Wessel aka Mashup-Germany.

David Wessel was born in Cologne, but has a US passport and lives in Frankfurt. For several years, under the name Mashup Germany, he has very successfully produced audio mashups and publishes these for free on the Internet. He has supported the initiative for a right to remix from its very start in May 2013. He gave the first interview in this series, in which he spoke of the “greatest generation gap since the ’68 movement”. The legally precarious nature of his work became clear again recently, when the online audio platform SoundCloud locked his account recently, due to allegations of multiple copyright infringements.

David, you are currently in a battle with SoundCloud – what happened?

My SoundCloud account “MashupGermany” has been blocked after it was the subject of a third so-called “strike” due to allegations of copyright infringement. In such circumstances, an account is normally deleted after seven days. My account is still online, but I can no longer use it actively and I receive daily between three and five further “strikes”. In previous years, I was left peace.

… And what’s the problem?

As you can read in the press, SoundCloud is currently under considerable pressure from the major labels exposed, and the tightening and more rigid implementation of its take-down policy may be the result. But perhaps the content recognition algorithm was also improved, or maybe the conversion of my accounts on the hypeddit-system (requiring the user has to post a comment on a track before he or she can download it), could have wakened sleeping dogs. But all of this is just speculation.

Have you tried to contact with the labels? What was their reaction?

I have spoken with the Copyright Division of Sony. They reacted with a great degree of understanding, but unfortunately they have their hands tied. The takedown notices came from the International Federation of the Phonographic Industry (IFPI), which represents the Sony in enforcing their copyright and ancillary rights worldwide.

One of the “strikes” was due to “Wadde Funk Da”, a production that I had produced for Brainpool and for my visit to TV Total. Unfortunately, the rights acquired were only in the context of that activity and not for the streaming on SoundCloud. Another “strike” was my “REBOOT: SUMMER” DJ Mix, which is about 90 minutes. Unfortunately neigher SoundCloud nor Sony were able to specify what part of the recording was the subject of the notice. This means that I have no possibility of being able to defend myself against the notices against this nor against the notice regarding”Uppers & DOWNERS” Mashup Mix, which represents the third “strike” of the Universal Music Group.

If your account should be closed, do you already have plans and ideas for an alternative?

I am pursuing different options for presenting my mashups in the future. However, this also includes a variant that does not use any downloads. I would find this very unfortunate, but the current situation leaves few options.

You have now more than 250 000 Facebook fans, which puts you at the level of a pop star. However, your mashups are rarely played on the radio – do you get any requests from radio stations?

My mashups run regularly in almost all German channels. On 1Live, I’ve been taking part in the programme, for about a year for example, and contributed new mixes and mashups for Rock am Ring or 1Live crown. Mashups are though extremely rare in the daily playlists of radio stations, however, which is primarily due to the unclear legal situation.

That is why we have launched the online Mashup Radio channel at Iloveradio.de about two years ago. I put the music together and the best mashups run from around the world 24/7. About a year ago we also started the German Mashup charts, in particular to encourage newcomers to the scene.

Like many other mashup artists, you’ve long called for a “right to remix”. However, there are hardly mainstream artists who address this point, or want to. Why is that?

Because they aren’t suffering enough from the current situation and out of fear of repression. Anyone who rises to speak makes himself or herself visible and becomes a bigger target. A lot of artists, particularly better known artists fear this. Also, many of these, sooner or later, fall back into the segment that focus on monetising their own productions.

What happens next for you?

I was just able to recover in Sweden for a week after the last few weeks of festivals. I sat a lot on the plane and was often pelted with paint or water. There are still some festivals this year and then I would like, before the autumn starts the next club tour, to concentrate on production. In the coming months, “Deep Exception – Vol.3″, a Deep House Mashup set, and the mashup to “1Live Krone 2015″ are on the agenda. It will be exciting.

Right to remix Interview with David Wessel: “I get between three and five take down notices daily” (only in German, 24.07.2015)
http://rechtaufremix.org/remixer-50-david-wessel-ich-erhalte-taeglich-zwischen-drei-und-fuenf-strikes/

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
29 Jul 2015

ENDitorial: European Parliament – translating freedoms into Chinese

By Joe McNamee

In the autumn 2015, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament (LIBE) will resume its discussions of a draft resolution on “radicalisation”, led by Rachida Dati, a French conservative member. Her draft includes several bizarre statements, but one on Internet “giants” stands out as being particularly extreme.

The proposal includes an entirely superfluous call for “Internet giants” (but not everyone else?) to be “made aware” of their responsibilities to delete illegal content. These obligations exist since 2000, and will therefore hardly be news to any internet company, and certainly not the ones with the best funded legal departments.

Then, however, the text becomes somewhat more sinister. It calls on EU Member States to consider criminal sanctions against undefined “digital actors” who do not take unspecified “action” “in response to the spread of illicit messages that praise terrorism on their internet platforms”. The proposal then goes on to suggest that an inadequate response from the the actor “should be considered an act of complicity with praising terrorism and should consequently be punished”. This would create an overwhelming pressure on any company, organisation or individual whose online presence could be considered to be a “platform” – particularly smaller ones that could not afford any litigation – to delete any content that risked subsequently being considered illegal.

The first question that needs to be asked is why? What is the experience in Europe that suggests that Internet platforms are leaving illegal terrorist material online? What is the experience that is so severe that criminal sanctions are necessary? What is the experience that shows that, in any European country, the existing sanctions are not adequate? In a democratic society, is it appropriate to use coercive measures to persuade private companies to delete content in the complete absence of any counterbalancing obligations to leave legitimate (even if unwelcome) speech online?

Dati’s suggestion would bring Europe very closely into line with the Chinese law on “Measures on the Administration of Internet Information Services” that was adopted in 2000.

As bad as this is, it actually gets worse. When Members of the Parliament (MEPs) were drafting their amendments, they relied on translations that drifted away from the original meaning. For example, the English translation would make Internet companies liable for “illegal messages OR messages praising terrorism” i.e. the platforms would become criminally liable for failing to take action against messages that were not, in fact, illegal.

Worse still, rather than objecting to this notion, the Parliamentarian representing the Socialists and Democrats group, the “shadow rapporteur” Ana Gomes, suggested that law enforcement authorities should have the quasi-judicial role of telling Internet companies what they should delete and, in addition, that they should become criminal liability for failing to do everything “to the best of their human and technical capability” not just to delete illegal content, but to identify it as well. Instead of the rule of law and a Charter of Fundamental Rights that requires restrictions on our human right to be necessary, proportionate and effective, we would have the police as judges and automatic software finding and automatically deleting anything that would create a legal risk for Internet companies.

This would make European law somewhat more restrictive than those of China’s Administrative Measures on Internet Information Services (2000), which do no require proactive searching for potentially illegal content:

Article 15. Internet information service providers shall not produce, reproduce, distribute or disseminate information that includes the following contents:

(1) content that is against the basic principles determined by the Constitution;
(2) content that impairs national security, divulges State secrets, subverts State sovereignty or jeopardizes national unity;
(3) content that damages the reputation and interests of the State;
(4) content that incites ethnic hostility and ethnic discrimination or jeopardizes unity among ethnic groups;
(5) content that damages State religious policies or that advocates sects or feudal superstitions;
(6) content that disseminates rumors, disturbs the social order or damages social stability;
(7) content that disseminates obscenity, pornography, gambling, violence, homicide and terror, or incites crime;
(8) content that insults or slanders others or that infringes their legal rights and interests; and
(9) other content prohibited by laws or administrative regulations.
Article 16. If an Internet information service provider discovers that information transmitted by its website clearly falls within the contents listed in Article 15 hereof, it shall immediately discontinue the transmission of such information, keep relevant records and make a report to relevant State authorities.

LIBE Draft Report on prevention of radicalisation and recruitment of European citizens by terrorist organisations (2015/2063(INI)) (01.06.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-551.967%2b01%2bDOC%2bPDF%2bV0%2f%2fEN

LIBE Draft Report on prevention of radicalisation and recruitment of European citizens by terrorist organisations (2015/2063(INI)) (in French, 01.06.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-551.967%2b01%2bDOC%2bPDF%2bV0%2f%2fFR

Amendments on prevention of radicalisation and recruitment of European citizens by terrorist organisations (03.07.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-560.923%2b01%2bDOC%2bPDF%2bV0%2f%2fEN

China’s Administrative Measures on Internet Information Services (20.09.2000)
http://www.china.org.cn/business/2010-01/20/content_19274704.htm

(Contribution by Joe McNamee, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
27 Jul 2015

EU PNR document pool

By Diego Naranjo

nopnr

The proposal for a EU PNR Directive  (Fight against terrorism and serious crime: use of passenger name record (PNR) data (procedure file 2011/0023(COD) ) was adopted by the European Parliament’s Civil Liberties Committee on 15 July 2015. The narrow vote (32 in favor, 26 against, no abstentions) in favour happened despite the rejection of this same EU PNR proposal by same Committee in 2013, despite the Court of Justice of the European Union (CJEU) despite the ruling invalidating the Data Retention Directive last year and despite the referral to the CJEU of the EU Canada PNR agreement.

EDRi has repeatedly reported , in line with the opinions presented by a range of independent experts of EU law, that this profiling measure presents serious risks for fundamental rights, that it is not necessary, that it is not proportionate to the aims that seeks to achieve and that it is not even effective. The rapporteur of the proposal, Timothy Kirkhope (UK, ECR) brought the proposal back to the European Parliament (EP) despite the number of criticisms coming from MEPs, civil society organisations, the Article 29 Working Party, the EU Fundamental Rights Agency and the European Data Protection Supervisor.

The votes per political group were (according to data shared with MEPs by the LIBE Committee secretariat):

EPP: 18 in favour

In favour: Heinz K. Becker, Michal Boni, Anna-Maria Corazza Bildt, Rachida Dati, Frank Engel, Mariya Gabriel, Esteban González Pons, Kinga Gál, Monika Hohlmeier, Barbara Kudrycka, Jeroen Lenaers, Monica Macovei, Roberta Metsola, Artis Pabriks, Csaba Sógor, Traian Ungureanu, Axel Voss, Tomáš Zdechovský.

Socialists and Democrats: 2 in favour 11 against

In favour: Claude Moraes, Marju Lauristin

Against: Tanja Fajon, Monica Flašíková Beňová, Anna Gomes, Sylvie Guillaume, Iliana Iotova, Sylvia-Yvonne Kaufmann, Kashetu Kyenge, Norbert Neuser, Péter Niedermüller, Soraya Post, Birgit Sippel

ECR: 6 in favour:

In favour: Daniel Dalton, Jussi Halla-aho, Timothy Kirkhope, Helga Stevens, Michał Ujazdowski Kazimierz, Branislav Škripek

ALDE: 4 in favour, one against

In favour: Louis Michel, Cecilia Wikström, Nathalie Griesbeck, Filiz Hyusmenova,

Against: Sophia In’t Veld

EFDD: One in favour, three against

In favour: Cristina Winberg

Against: Gerard Batten, Ignazio Corrao, Laura Ferrara

GUE/NGL: 4 against

Against: Malin Björk, Cornelia Ernst, Barbara Spinelli, Marie-Christine Vergiat

Greens/EFA: 4 against

Against: Jan-Philipp Albrecht, Eva Joly, Judith Sargentini, Valero Bodil

ENF: 2 against

Against: Lorenzo Fontana, Vicky Maeijer

Non-aligned: 1 in favour, 1 against

In favour: Juan Fernando López Aguilar

Against: Udo Voigt

When the LIBE Committee of the EP adopted the proposal, it also approved the initiation of trialogue discussions with the Council, which will start next September. The EP negotiating team is composed as follows: Mr Moraes (S&D), LIBE Chair; Mr Kirkhope (ECR), rapporteur, and the shadow rapporteurs Mr Voss (EPP), Ms Sippel (S&D), Ms In’t Veld (ALDE), Ms Ernst (GUE/NGL), Mr Albrecht (Greens/EFA), Ms Winberg (EFDD) plus an ENF Member to be confirmed.

In this document pool we will add the documents that will be used during the trialogues:

European Commission proposal (02.02.2011)

– Council document: Background information for the trialogues (20.07.2015)

– Council document: 5 column table with the proposal for the trialogues (20.07.2015) (pdf).

close
22 Jul 2015

EU Commission – finally – confirms that its promise on data protection will be respected

By Joe McNamee

Last April, EDRi, supported by other sixty-five NGOs from the European Union, North, Central and South America, Africa, Asia and Australia sent a letter (PDF) to the European Commission. The letter asked if the Commission would respect the “absolute red line” that the protection levels in the 1995 Data Protection Directive would be maintained.

This commitment is now critically important, as the EU institutions are currently involved in “trialogue discussions” (infographic), which are expected to finalise the data protection reform process started five years ago with a Commission Communication. A clear position from the leadership of the Commission on the protection of existing standards is crucial to ensure that some of the more extremist policies (PDF) proposed by some Member States can be definitively taken off the table, for the benefit of the coherence, trust and credibility that all stakeholders need from the final Regulation and Directive.

Today, we received a positive answer (PDF) from the European Commission, confirming that they will respect the commitment to respect the levels protection set in the Directive 95/46/EC:

The Commission has been and will continue to be true to this commitment.

Ahead of the next trialogue meetings starting again in September, this commitment sets important boundaries on what is, and what is not, acceptable as this process moves forwards.

All actors involved in these negotiations need not to be distracted with siren calls from a small number of private actors who, as they historically always do, mistake good regulation for constraints on business. As Paul Nemitz, Director for Fundamental rights and Union citizenship in the Directorate – General for Justice of the European Commission, explained to the Wall Street Journal: “The path toward trust through high levels of protection is good for the economy, good for growth and employment.”

Read the Commission’s response:
17072015-eudatap-Commission-95

close
15 Jul 2015

Remembering Caspar Bowden

By Guest author

We are sad to report the death of EDRi member FIPR’s first Director, Caspar Bowden. Caspar was one of the people who met in 1998 to set up the Foundation for Information Policy Research (FIPR), in response to the introduction of what later became the Regulation of Investigatory Powers Act. Caspar was FIPR’s Director from 1998-2002, when his main achievement was leading a lobbying campaign against the Bill as it went through Parliament. He secured the “Big Browser” amendment which defined traffic data as the information required to identify the machine participating in a communication; the government had actually wanted it to mean the whole URL that you visit, but Caspar argued forcefully that that would entitle the police to get your search history with a production order rather than requiring a warrant. His early clarification of the boundary between “communications data” and “content” has had a substantial impact on privacy since.

Caspar helped secure a large donation (of GBP100k from Microsoft) which got FIPR’s initial fundraising campaign off to a running start; he also attracted many prominent technology people to FIPR’s advisory council. Caspar was also involved in the discussions that led to the foundation of EDRi.

Caspar moved to Microsoft in 2002 and worked for them for nine years as their Chief Privacy Adviser for Europe, the Middle East and Africa. What that actually entailed he described in a talk at the The 31st Chaos Communication Congress (31C3) that is linked at the bottom of this article; he was responsible for briefing and coordinating some of the activities of about forty executives, each of which managed the company’s relationships with some particular country. He pointed out to them that the The United States Foreign Intelligence Surveillance Court’s (FISA Court’s) powers meant that governments entrusting their data to US clouds were giving unfettered access to the US intelligence services. He was subsequently fired.

For the last four years of his life he was a strong critic of US surveillance and the failure of European institutions to do anything effective about it. He was a gifted communicator who could explain complex technical issues around wiretaps, surveillance and cryptography to policy and lay audiences.

The Snowden revelations completely vindicated him. He worked tirelessly to explain their policy significance, providing a rapid and learned response to the disclosures in a major report for the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament (LIBE), “The US surveillance programmes and their impact on EU citizens’ fundamental rights”. He was on the board of the Tor project as well as in the FIPR advisory council, and helped to promote the Qubes, a security-focused desktop operating system.

He told friends and colleagues some months before his death that he had been diagnosed with cancer. He is survived by his wife Sandi.

31C3: Caspar Bowden: The Cloud Conspiracy 2008-2014
https://youtu.be/d7TyBK-gMgk

EU Parliament Report: Impact of NSA Surveillance Programs on EU Citizen’s Fundamental Rights
https://publicintelligence.net/eu-nsa-surveillance/

Pro-privacy titan Caspar Bowden dies after short cancer battle (09.7.2015)
http://www.theregister.co.uk/2015/07/09/caspar_bowden_dies_cancer_battle/

Obituary: Caspar Bowden, privacy campaigner (09.07.2015)
http://www.computing.co.uk/ctg/feature/2417143/obituary-caspar-bowden-privacy-campaigner

Data Protection Activist Caspar Bowden died (09.07.2015)
https://netzpolitik.org/2015/datenschutz-aktivist-caspar-bowden-ist-gestorben/

Caspar Bowden obituary (13.07.2015)
http://www.theguardian.com/world/2015/jul/13/caspar-bowden

(Contribution by Ross Anderson, EDRi member FIPR, United Kingdom)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
15 Jul 2015

Remembering Özgür Uçkan

By Guest author

Özgür Uçkan, one of the pioneers of the digital rights and free Internet movement in Turkey, passed away on 10 July. He was 54 years old, and had been battling with cancer for two years.

He was one of the founders of the Turkish EDRi member Alternative Informatics Association (AIA) and his contribution to the AIA and to the struggle against surveillance and censorship in Turkey was enormous. He held the post of the EDRi representativeness of AIA, but had to leave this post due to his illness.

Özgür was an multi-faceted person and successfully combined activism with his academic life and art criticism. He was a well-known personality in Turkey who frequently appeared in conferences and media.

He will be dearly missed.

Özgür Uçkan
http://www.ozguruckan.com/

Dr. Özgür Uçkan passed away (only in Turkish)
http://www.ozguruckan.com/kategori/kategorilenmemis/63029/dr.-ozgur-uckan-i-kaybettik

(Contribution by Melih Kirlidog, EDRi member Alternatif Bilisim, Turkey)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
15 Jul 2015

Dutch Minister reveals plans for dragnet surveillance

By Guest author

Ronald Plasterk, the Dutch Minister of the Interior, wants to make sure that the Dutch secret services have the powers to spy on the behaviour of all citizens and gain insight in all of their communications: phone calls, emails, chat messages and website visits. This much is clear after he published an update of the 2002 secret services bill and put it into online consultation on 2 July.

Dutch digital rights organisation, EDRi member Bits of Freedom will scrutinise the bill and provide input for the consultation. Three things immediately jump out as very worrying on a first inspection:

The secret services will gain the power to use a dragnet form of surveillance. The Minister has given assurances that the dragnet will only be used for specific purposes, but has not provided adequate safeguards limiting the mass surveillance of unsuspected citizens. There is no guarantee that these powers will only be used to target a specific group of people instead of a much broader and ill-defined group, like all persons in the Netherlands who are in contact with, for example, Syria. What if the services want to do the same for Morocco, France, or the United States? And do this all at the same time?

If there is a suspicion that someone wants to do harm, then it’s already possible to put them under surveillance, if necessary and proportionate. The Dutch services currently have the option to wiretap all communications of their targets. Using this dragnet to identify or monitor possible threats for the Dutch national security will inevitably ensnare many innocent people, breaching their rights in the process. There hasn’t been any discussion in the Netherlands about the necessity of these powers.

A second issue in the proposed bill is access to this bulk data by foreign services. Data which has been intercepted in bulk by the Dutch secret services can be shared in bulk with foreign services, even before the data has been evaluated. Anybody can be put under surveillance as soon as the Dutch secret service learns that they have previously been under surveillance by a foreign service, regardless of whether this person would be considered dangerous under Dutch law.

A final issue is the expansion of the hacking powers of the secret services. Since 2002, they have been allowed to hack into devices of a subject (which could also mean the servers of a forum). In this proposal, this power will be expanded to include subjects that are in some way, even if only technically, connected to the actual subject, in order to get to the actual subject. This could mean that an unsuspecting user of a server might be hacked to gain access to another user of that same server.

The proposed bill obviously also affects non-Dutch citizens and does not provide any answers to the global problem of state surveillance. Rather, it could be seen as an attempt to bring the Netherlands into the surveillance game. Instead of making an effort to end mass surveillance this bill only increases the number of mass surveilling states.

The online consultation will be open till 1 September 2015.

The online consultation for the law (only in Dutch)
https://www.internetconsultatie.nl/wiv/reageren/

Dutch intel bill proposes non-specific (“bulk”) interception powers for “any form of telecom or data transfer”, incl. domestic, plus required cooperation from “providers of communication services” (02.07.2015)
https://blog.cyberwar.nl/2015/07/dutch-intelligence-bill-proposes-non-specific-bulk-interception-powers-for-any-form-of-telecom-or-data-transfer-incl-domestic/

(Contribution by Ton Siedsma, EDRi member Bits of Freedom, Netherlands)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close