security & surveillance

While offering vast opportunities for exercising and enhancing fundamental rights, the digital environment also offers both opportunities to commit new offences and to impose new restrictions on our online rights. Measures such as filtering, blocking and untargeted surveillance are often easy to implement and extremely difficult to rectify. EDRi therefore works to ensure that all security and surveillance measures are necessary, proportionate and implemented based on solid evidence.

28 Apr 2016

Leaked EU Communication – Part 2: Protecting Google at all costs

By Joe McNamee


While the European Commission talks tough about supporting European industry, much of what is in the leaked Communication on online platforms appears to be designed to protect Google and other online giants, to the detriment of competition and European innovation.

“Fair payments” for copyright

The Communication refers obtusely to the notion of “fair” distribution of revenue for copyrighted material that is “made available” through platforms. The wording in some parts of the text appears to refer to proposals to introduce “ancillary copyright”, which is often referred to as a “Google tax”. Services like Google News use small snippets from articles to give an indication of the content of stories and publishers want to be paid for this use of their content.

Publishers put their newspapers online in order for people to read them. When people find them through Google News, this makes the publication more successful. Publishers want to be “compensated” because Google also benefits from this.

In Germany, where an “ancillary copyright” levy was imposed, local German companies have to pay to provide news aggregation services. However, since the introduction of ancillary copyright, the biggest media companies have agreed to unpaid listing on Google News. Google uses its dominance to avoid paying anything at all. Small German companies suffer. Google benefits.

In Spain, an “ancillary copyright” law was introduced, under which payments are obligatory. So, Google News left Spain completely. This means that people just go directly to the larger news outlets that they know, which undermines the accessibility of smaller outlets that are now less easy to find. Small Spanish news outlets suffer. Google doesn’t suffer.

Now the European Commission is considering this model for all of the twenty-eight countries of the European Union.

Censorship

The leaked Communication lauds the “success” of the Commission’s “EU Internet Forum”. The Internet Forum (a Commission-driven project, in cooperation with US online companies, to tackle terrorist content and hate speech online) aims to develop a “code of conduct” for the processing of complaints about “illegal” content (or harmful content or just breaches of terms of service) by online companies. Guess how many European companies take part in the IT Forum? Hint: The number is less than one. So, Google (with Facebook and Twitter) have the right to negotiate a baseline level of responsiveness to complaints, as well as speed of censorship of illegal (and legal) content. European start-ups are not in the room, but will be expected to respect this baseline, even if this is cripplingly expensive or impractical. They do not have the economies of scale that Google does. European companies suffer. Google wins.

Liability

The European Commission threatens “sectoral” legislation on liability, in addition to the existing E-Commerce Directive, to deal with, inter alia, possible copyright infringements. Google already has advanced restrictions in place. For example, it deletes over one million links that have been accused of copyright infringements every day. Similarly, YouTube implements a process called “ContentID”, which a senior legal counsel at Google once (in his previous job) described as a tool to “massacre” fair use of copyrighted material. Regardless of what copyright flexibilities exist in law, ContentID allows rightsholders to delete content directly from YouTube.

In short, Google is very well equipped to deal with any new, more onerous liability obligations. Indeed, the more restrictive they are, the bigger Google’s economy of scale and the bigger the competitive advantage that will be given to Google.

Blind faith

On dealing with illegal or unwelcome content, the Commission’s approach is quite simple, and almost beautiful in its naïveté.

It will give Google the problem of liability and the problem of public relations pressure to do “more” (with no baseline) to deal with hate speech, terrorism, child protection, copyright, etc.

The European Commission then hopes that Google, when seeking to solve these liability and public relations problems, will, by coincidence, solve the Commission’s public policy problems. The Commission hopes that Google will solve these problems in a way

  • which is transparent and necessary;
  • which is proportionate;
  • which will continue, in the medium and long term, to be effective and proportionate in an ever changing online landscape;
  • which respects the rule of law;
  • which respects free speech;
  • which respects other jurisdictions and, of course;
  • which does not involve any deliberate or accidental anti-competitive behaviour that will.

Seems reasonable.

27 Apr 2016

Leaked EU Communication – Part 1: Privatised censorship and surveillance

By Joe McNamee

EU Charter of Fundamental Rights: Subject to the principle of proportionality, limitations [to fundamental rights] may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.

A draft European Commission Communication on Platforms has been leaked. The proposals with regard to the regulation of “illegal” “or harmful” content are hugely disturbing. In summary, the European Commission seems willing to completely give up on the notion of law. Instead, regulation of free speech is pushed into the hands of Google, Facebook and others.

In relation to audiovisual regulation (to update the EU AVMS Directive), the draft suggests that an EU Kids Online research project shows that “children are more and more exposed to harmful content through video-sharing platforms”. This research project does not actually show this at all – it researched children’s perception of risk and does not provide detailed analysis over time about actual exposure.

In relation to the real motivation behind the privatised censorship proposals (copyright), the draft talks about platforms “which make available copyright-protected content uploaded by end-users”. The wording is very deliberate. While the E-Commerce Directive gives liability protection to hosting companies that passively host content on behalf of their users, “making available” is an active use of content for which the rightsowner has an “exclusive right to authorise or prohibit any communication to the public”. As a result, any “making available” by online platforms without prior consent of the rightsholder would be a breach of copyright, for which the platform would be liable. The only option, if you are liable for a “making available” by your customers, is to subject any uploads to prior checking, filtering and/or takedown in cases of doubt. Online platforms already delete vast amounts of perfectly legal content uploaded by users, so this new incentive would make the situation even worse.

The European Commission even looks to the big online monopolies to take “more effective” action to protect “key societal values”. More effective than what? What values? With what oversight? Following what rules? No rules at all, according to the European Commission – it should be done using “effective voluntary action”. What would this look like? Facebook has already undertaken experiments which show that it has the power to manipulate elections, to manipulate people’s mood or even to manipulate people working in a specific building. No rules are being considered to limit such behaviour.

Remarkably, this approach is not being proposed due to ignorance on the part of the Commission – the text explicitly refers to situations where “information is filtered via algorithms, or manipulated through opaque moderation processes”. How should this risk to our “key societal values” be addressed? Apparently, it will be achieved by ensuring “non-discrimination, or to ensure transparent, fair and non-discriminatory access to information” when access to information is being “manipulated through opaque moderation processes”. The blatant contradiction is apparently not obvious to whoever wrote this part of the text.

The Commission also sees a concern on the part of online platforms that they could become liable for illegal material, if they have systems in place to carry out proactive surveillance. It therefore suggests that measures are needed to “provide certainty” for companies “enabling them to undertake such responsible behaviour”.

Sadly, there is also definitive proof of the fact that the entire text is an example of policy-based evidence-making: it is provided by the statement that extension of certain obligations to online platforms “has been confirmed by the responses to the public consultations on the Telecoms Review and the ePrivacy Directive Review”. The public consultation on the ePrivacy Directive has not finished and was only launched two weeks before the leaked draft was published – so it confirmed nothing, yet! Similarly, the text refers to the “success” of the Commission-led “self-”regulatory Internet Forum on terrorism and hate speech, even though that project has not produced anything, except some soothing press releases.

Summary: The key societal value of predictable and accountable restrictions on fundamental rights is at risk. With evidence being moulded to suit pre-existing policies, the European Commission appears eager to ensure that the online monopolies monitor online activity, take action to remove any content that creates legal risks for them, and arbitrarily police content to “protect” unspecified and undefined “societal values”. Instead of laws, we will have terms of service. Instead of accountability, we will have unaccountable censorship imposed by a system where, in the Commission’s own words, “information is filtered via algorithms, or manipulated through opaque moderation processes”.

All of this will, the Commission hopes, create “the right framework conditions for user trust, innovation and value creation in Europe”.

26 Apr 2016

#ReadAnneDiary (if you can)

By Diego Naranjo

The chaotic and outdated copyright framework in the European Union (EU) negatively impacts citizens by placing absurd restrictions on use of cultural goods. These restrictions benefit neither authors nor society in general. The European Commission (EC), in its quest to achieve a Digital Single Market, is aiming at reforming the situation and is trying to move towards a “modern, more European copyright”. So far, however, there is no sign of the necessary ambition that a real modernisation requires.

Today Centrum Cyfrowe, Communia, and Kennisland have highlighted how Europe’s copyfails affect the world famous book “The Diary of Anne Frank”. They have published the text at www.annefrank.centrumcyfrowe.pl, because the book is now in public domain in Poland. However, before trying to download it, have a look out your window first: Are you in Poland when accessing this website? You’re not? Sorry, you cannot legally access the content!

Due to the unharmonised patchwork that EU copyright law is, citizens across the EU enjoy different rights in different Member States. The specific reason in this case relates to the difference of publication dates of the original transcripts, of which Anne Frank is obviously the only author. A special provision for extended protection for works published posthumously (as is the case of the original manuscripts of the Diary) was removed in Poland in 1952, while it exists in Dutch law. According to Communia’s analysis, Anne Frank’s original writings have been in the public domain in Poland since 1 January 2016, but copyright may not have expired in other countries, such as the Netherlands.

The case of the Diary of Anne Frank only shows one more of the many copyfails of the EU copyright framework, which the EU seems reluctant to meaningfully improve. If the EU really aims at having a Digital Single Market and a modern copyright regime which is suited to the digital world, then it needs to go beyond the timid patches that it is proposing (text and data mining exception, freedom of panorama…) and create a robust copyright regime that benefits the public interest and ensures innovation and creativity in the XXI century.

Anne Frank and the Term of Copyright Protection: Why it’s Time to Move from Harmonisation to Unification (25.04.2016)
http://www.communia-association.org/2016/04/25/anne-frank-term-copyright-protection-time-move-harmonisation-unification/

EDRi joins open letter asking for an ambitious copyright reform (07.04.2016)
https://edri.org/edri-joins-open-letter-asking-for-an-ambitious-copyright-reform/

Copyright reform: Restoring the facade of a decrepit building (16.12.2015)
https://edri.org/copyright-reform-restoring-the-facadeof-a-decrepit-building/

Copyright for Creativity coalition: The Copyright Reform: Everyday I’m Hurdling – The EC’s latest hurdles on the race to the finish line (06.04.2016)
http://copyright4creativity.eu/2016/04/06/the-copyright-reform-everyday-im-hurdling-the-ecs-latest-hurdles-on-the-race-to-the-finish-line/

20 Apr 2016

Member Spotlight: Access Now

By Guest author


This is the second article of the series “EDRi-Member in the Spotlight” in which our members have the opportunity to introduce themselves and their work in depth.

Today we introduce the international organisation “Access Now”.


1. Who are you and what is your organisation’s goal and mission?

Access Now defends and extends the digital rights of users at risk around the world. We combine innovative policy, user engagement, and direct technical support, and fight for open and secure communications for all.

We are fighting against internet shutdowns and mass surveillance, for corporate and government transparency and a secure internet, for MLAT reform and net neutrality and we’re really really into encrypting ALL THE THINGS!

But we are first and foremost a tech-driven organisation. Our brilliant tech team valiantly runs the Digital Security Helpline which operates out of Manila, Tunis and Costa Rica, working 24/7 to assist civil society, activists, bloggers and journalists on the ground in digital need around the world.

2. How did it all begin, and how did your organisation develop its work?

Access Now was founded in 2009 by four people – Brett Solomon, Cameran Ashraf, Sina Rabbani and Kim Pham – after the turbulent Iranian presidential election of that year. During the protests that followed the contested election, Access Now took a strong role in supporting secure communications, protecting independent websites and disseminating the video footage that came out of Iran despite government efforts to thwart outgoing communication. Since then, the key focus has been on empowering users and fighting ill-advised government policies in our increasingly networked, digital world.


3. The biggest opportunity created by advancements in information and communication technology is…

… fostering free expression, human development, building bridges and overcoming the lack of diversity. As a society we have the tools to make a lot of real, positive change.

4. The biggest threat created by advancements in information and communication technology is…

… currently to the right to private life and data protection, human intimacy and trust. We’ve voluntarily accepted cameras and microphones into all areas of our lives. But it does not have to be that way. Technology can and must be human rights-protecting and enhancing.

5. Which are the biggest victories/successes/achievements of your organisation?

We have been involved in global victories for net neutrality in the EU, the US and in India, for privacy in the EU, against data retention in Paraguay, for corporate accountability globally, on the government surveillance in the US and many more. Without our cooperation with EDRi, none of our success in the EU would have been possible.

One of our greater endeavors is the organisation of a yearly conference, RightsCon, where the world’s human rights experts, business leaders, technologists, engineers, investors, activists, and government representatives come together to discuss issues at the intersection of technology and human rights. The latest edition recently took place in San Francisco in March 2016. The atmosphere in this year’s edition was fantastic and next year we are bringing it to Europe! So let’s make sure European civil society is over-adequately represented.

Fun fact: In 2010 we were finalists for the European Union’s 2010 Sakharov Prize for Freedom of Thought!

6. If your organisation could now change one thing in your country, what would that be?

Since we are a global organisation, we will simply ask for the protection of an open, free and secure internet globally.

Here in Europe we would like to see governments reconnect with the people they are elected to protect through user-centric rights-enhancing policies bringing transparency, accountability and digital security.

7. What is the biggest challenge your organisation is currently facing in your country?

The biggest challenge we are currently seeing globally is with governments reacting too rashly to current challenges. The digital world is getting away from them and they are coping with this change by trying to surveil and control it. We’re seeing massive trespasses against privacy and fundamental human rights, encryption compromises… Governments need to relinquish this constant need to meddle and fiddle. Stop trying to break the internet and just give us the solid legal certainty which we need to feel protected and free to express ourselves in the online environment.

8. How can one get in touch with you if they want to help as a volunteer, or donate to support your work?

We have an Action Center where we list all of our ongoing campaigns. Every voice counts so signing those petitions and sending emails to government representatives really helps get our message across. There is of course a weekly newsletter that goes around and there is also the opportunity to subscribe to our actions alerts – that way subscribers can get a notification to join us in protecting human rights online! There is of course also the traditional way of making a donation or volunteering to help us at RightsCon next year. All of this can be found on our website: www.accessnow.org

20 Apr 2016

Countering terrorism, a.k.a. the biggest human rights threat of 2016

By Maryant Fernández Pérez

United Nations (UN) Special Rapporteur on counter-terrorism and human rights, Ben Emmerson, said “the central challenge for human rights in 2016 [is] ensuring governments continue to support a human rights agenda” while seeking to end terrorism.

The European Union is also faced with this challenge. In the EU, there is currently a proposal for a Directive to combat terrorism that, as currently drafted, would pose threats to freedom of expression, privacy and security. The draft Directive was drafted in just 2 weeks, with no impact assessment. This means that the current proposal has neither evidence of its possible impact on your human rights and freedoms nor proof indicating its possible effectiveness or even justifying the need for a Directive in the first place.

This draft Directive was proposed by the European Commission in December 2015. In the proposal, the Commission expressed its willingness to address the internet, without any clarity as to what it meant by that. While the European Parliament has not taken a position on this Directive yet, the Member States gathered within the Council of the European Union have adopted their position already. For instance, the Council has adopted a confusing approach on blocking of websites which is simply reckless in the absence of an impact assessment. It is based on the Child Exploitation Directive’s provision on blocking, whose effectiveness has never been assessed. It is also entirely incongruous, in a Directive whose purpose is to criminalise certain activities.

As for the Parliament, politicians that are part of the Parliament’s civil liberties committee (LIBE) have tabled 438 amendments. Some of them follow EDRi’s recommendations to have strong human rights safeguards, to stop the criminalisation of speech that is part of our freedom of expression, to be more precise about the link between a banned conduct and a terrorist offence, to delete dangerous elements, such as on malware and “electronic evidence” (whatever that means) and take-down of legal websites. However, some amendments risk letting in elements from the Parliament’s non-legislative report adopted at the end of November 2015, the Dati Report, as well as new elements which could undermine the rule of law, encryption and the use of Tor, among others.

Countries around the world are using measures to combat terrorism and violent extremism to silence journalists, activists and normal people who want to express themselves, even if the views are uncomfortable.

We hope the EU will lead by example by preventing the abuses we’re seeing in several EU countries. If, after every terrorist attack, legislators enact new laws with the hope of creating a feeling of more security and safety in the population, without actually solving the problem of terrorism, we will have fewer freedoms and rights in exchange for no real solution. Instead, the European Parliament adopted the EU PNR Directive last week, which is a profiling measure that has not been proven useful for tackling terrorism.

The UN Secretary-General Ban Ki-Moon has recently described such reactions very well: “repressive and heavy-handed security responses in violation of human rights and the rule of law, such as profiling of certain populations, adoption of intrusive surveillance techniques and prolongation of declared states of emergency, tend to generate more violent extremists.”

Instead of restricting our freedoms, human rights and undermining the values that founded the European Union, effective, evidence-based measures should be put in place not only to combat terrorism, but also to prevent it. As Sascha Lobo explained for Spiegel, more resources should be put in judicial and police personnel. Instead of repairing a legal system capable of enforcing the rule of law, we are getting more computers, databases, more laws with far reaching consequences. If this draft Directive is adopted, particularly if the new damaging proposals that are on the table are adopted, we will create new dangers, without solving the real problems that need to be addressed.

EDRi’s recommendations for the European Parliament’s Draft Report on the Directive on Combating Terrorism (29.03.2016)
https://edri.org/files/counterterrorism/CounterTerror_LIBEDraftReport_EDRi_position.pdf

UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism Report (22.02.2016)
http://www.ohchr.org/EN/Issues/Terrorism/Pages/SRTerrorismIndex.aspx

UN Plan of Action to Prevent Violent Extremism (24.12.2015)
https://undg.org/wp-content/uploads/2016/02/SG-Plan-of-Action-to-Prevent-Violent-Extremism-1.pdf

Spiegel: The Man Machine: Profound, structural, multiple government failures (German) (30.03.2016)
http://www.spiegel.de/netzwelt/netzpolitik/sascha-lobo-ueber-is-terror-ueberwachung-ist-die-falsche-antwort-a-1084629.html

(Contribution by Maryant Fernández Pérez, EDRi)

20 Apr 2016

New data protection law in Turkey

By Guest author

The Turkish Parliament enacted the Data Protection Law on 24 March 2016 and it entered into force on 7 April. There had been several attempts to enact the Law over the course of more than 10 years, but all of the bills were later withdrawn by the AKP – Justice and Development Party (the ruling party since 2002) governments.

The AKP was quite motivated to enact the law because:

  1. Due to the absence of a Data Protection Law, Turkey was regarded as an “unsafe country” in terms of data protection and this resulted in certain difficulties for collaboration of Turkish security agencies with their counterparts abroad.
  2. Many Turkish companies could not operate in Europe and other places for the same reason.
  3. The government plans to establish a “World Finance Center” in Istanbul, but that would be impossible without a proper DP Law.
  4. Turkey is officially a candidate country for membership of the European Union, which requires member and candidate countries to adopt a DP Law.

The hesitation of the government was due to the concern that the previous versions of the law would not be in conformity with the contemporary approach and thus would not be adequate for realizing the objectives outlined above. In the earlier versions of the bill, the Data Protection Board was to be appointed by the government or the President, which casts doubt on its autonomy. In the last version, four members of the Board were to be appointed by the government and three members by the President. This was changed at the last minute and the enacted law envisages that two members are to be appointed by the President, two by the government and five to be elected by the Parliament.

Another hesitation in the previous versions stemmed from the fact that several security agencies such as police and secret service were given exemption for collecting and processing personal data. Although the new law does not explicitly mention these organisations, it has several exemptions which will pave the way for these organisations legally to collect and process data.

CHP – People’s Republican Party, the largest opposition party, declared that it will apply to the Constitutional Court for the annulment of the law.

Turkey’s data protection draft law open to abuse: Expert
http://www.hurriyetdailynews.com/turkeys-data-protection-draft-law-open-to-abuse-expert-.aspx?pageID=238&nID=95796&NewsCatID=341

Turkey passes long-awaited data protection law (07.04.2016)
https://www.yahoo.com/tech/turkey-passes-long-awaited-data-protection-law-171736298.html

Turkey’s New Data Protection Law (15.04.2016)
http://www.jdsupra.com/legalnews/turkey-s-new-data-protection-law-43057/

Turkey Completes Final Step in Approving Data Protection Legislation (07.04.2016)
http://www.morogluarseven.com/news/turkey-completes-final-step-approving-data-protection-legislation

20 Apr 2016

Huge protest against corruption & surveillance in Macedonia

By Guest author

The political crisis in Macedonia deepened on 12 April when the President Gjorgi Ivanov announced that he would issue a blanket pardon to 56 politicians suspected of involvement in serious crimes. Over the last eight days, tens of thousands of citizens took to the streets of the capital city Skopje and about a dozen other cities, demanding justice and restoration of democracy.


In February 2015, the opposition started revealing excerpts of leaked wiretaps conducted by the state’s Secret Service, alleging that over 20,000 citizens were subject to direct illegal surveillance, as part of an alleged criminal conspiracy run by the Prime Minister Nikola Gruevski and his family. The illegal surveillance was allegedly conducted with use of state resources and with compliance of telecom operators.

Using surveillance as a tool for control and intimidation has led to a decline in the respect for human rights, in particular freedom of expression. This is demonstrated, for example, by the fact that Macedonia’s rank on World Press Freedom Index sank from 34 in 2009 to 118 in 2016.

In June 2015 a probe by a group of experts led by the former European Union (EU) Commissioner Reinhart Priebe confirmed these allegations and was the basis for further steps taken by the European Commission (EC). These steps included setting urgent reform priorities for Macedonia as an EU candidate country and joint mediation with the USA. The mediation led to the so-called Pržino Agreement, which stipulated gradual reforms that would reverse the backsliding from democracy.

One step included the formation of a new institution, the Special Public Prosecutor (SPP), in charge of investigating the crimes related to the illegal wiretapping. The SPP faced various obstacles from other state institutions after it started investigations of various wrongdoings, including electoral fraud, torture of political prisoners, and misuse of state funds. The legal grounds of the announced presidential pardon for suspects under its investigations are highly controversial, but if implemented it would ensure impunity and make the SPP’s work irrelevant.

Angered by this abuse of state function and by the prospect of continuing rule of what they see as a mafia structure maintaining the control of the state, citizens started protesting daily in the streets of Skopje, and later in other cities. At first numbering hundreds, their numbers swelled to tens of thousands in the capital and several thousands in the cities of Bitola, Strumica, Prilep, Kumanovo, Shtip, Kochani, with other cities announcing they would join the protests in the coming days.

The protest’s main demands are restoration of the rule of law, punishment of organised crime, and all perpetrators being held accountable. As a main slogan, the protesters chant: “No Justice, No Peace!” They also address the lack of freedom of expression, with: “No More Silence!”

The protesters jokingly use the term “multicolored revolution” as some of them throw eggs and paint at government buildings, especially those built under the highly controversial project Skopje 2014, which incurred costs of over € 630 million without public consultation. These new constructions, such as the Triumphal Arch from 2012, new “baroque” facades and fountains, are perceived as symbols of power of the regime. According to Macedonian law, these forms of vandalism, alongside graffiti, are considered misdemeanors and usually do not incite interventions by riot police.

The EU invited the leaders of the four biggest political parties in Macedonia for negotiations in Vienna on 22 April, to find ways to continue the blocked implementation of the Pržino Agreement. The exclusion of civil society from the previous rounds of negotiations led to compromise solutions that fuel the anger of the protesters, who demand that the end of impunity for criminal responsibility take precedence and be the precondition for all eventual political reforms supported by the international community.

Macedonia: Massive surveillance revelation: 20 000 people wiretapped (11.02.2015)
https://edri.org/macedonia-massive-surveillance-revelation/

Macedonia: a superficial democracy in the shadow of crises (01.04.2016)
http://www.osw.waw.pl/en/publikacje/osw-commentary/2016-04-01/macedonia-a-superficial-democracy-shadow-crises

Macedonia president halts wiretapping inquiry (12.04.2016)
http://www.bbc.com/news/world-europe-36031417

EU Commissioner Criticizes Macedonian President For Halting Wiretap Probe (12.04.2016)
http://www.rferl.mobi/a/eu-criticizes-macedonian-president-wiretapping/27670931.html

Macedonia President’s Amnesty Move Prompts Civil Unrest (14.04.2016)
http://www.wsj.com/articles/macedonia-presidents-amnesty-move-prompts-civil-unrest-1460667449#livefyre-comment

U.S. Mission to the OSCE: On Developments in Macedonia: Statement to the PC (14.04.2016)
https://osce.usmission.gov/on-developments-in-macedonia-statement-to-the-pc/

U.S. Dept. of State: Macedonia Country Report on Human Rights Practices for 2015 (13.04.2016)
http://www.state.gov/j/drl/rls/hrrpt/humanrightsreport/index.htm?year=2015&dlid=252873#wrapper

Macedonia corruption: Fourth night of protests as snap election called (15.04.2016)
http://www.bbc.com/news/world-europe-36058173

‘Without Justice, There’s No Peace!’: Macedonians March Against President’s Pardon for Politicians Under Investigation (15.04.2016)
https://globalvoices.org/2016/04/15/without-justice-theres-no-peace-macedonians-march-against-presidents-pardon-for-politicians-under-investigation/

The Budding Autocrats of the Balkans (15.04.2016)
http://foreignpolicy.com/2016/04/15/the-budding-autocrats-of-the-balkans-serbia-macedonia-montenegro/

EU Attempts to Salvage Macedonia Crisis Deal (18.04.2016)
http://www.balkaninsight.com/en/article/eu-attempt-to-salvage-macedonia-crisis-deal-04-18-2016

Protests in Macedonia Gain Momentum as New Round of Political Negotiations Is Announced (19.04.2016)
https://globalvoices.org/2016/04/19/protests-in-macedonia-gain-momentum-as-new-round-of-political-negotiations-is-announced/

Macedonia’s political crisis: Make or break for civil society (19.04.2015)
http://blogs.lse.ac.uk/europpblog/2016/04/19/macedonias-political-crisis-make-or-break-for-civil-society/

“No to negotiations” shout citizens, they demand equality, justice and freedom (20.04.2016)
http://meta.mk/en/no-to-negotiations-shout-citzens-they-demand-equality-justice-and-freedom/

2016 World Press Freedom Index (20.04.2016)
https://rsf.org/en/macedonia

(Contribution by Filip Stojanovski, Metamorphosis)

20 Apr 2016

The biggest data breach in Turkish history

By Guest author

About 50 million personal records of Turkish citizens have been made publicly available in a searchable database on the internet. Ironically, although the site that holds the database is open to the entire world, it is one of the 110,000 sites blocked by the Turkish government and can only be accessed from Turkey via a virtual private network (VPN). The database contains personal information such as names, citizenship numbers, parent names and addresses of 49,611,709 citizens. The huge number involved makes the breach the most serious in Turkish history. By comparison: the Office of Personnel Management leak in April 2015 involved the personal records of 22 million public servants in the US.

Contrary to the reports in the international media, the leak does not seem to be recent; what is new is that the data is now available on the net. In Turkey, citizenship data has been available on the black market for years. It was mainly sold to solicitors and cargo companies which need accurate addresses of individuals. Several people were taken into custody for obtaining the data on 27 July 2010 and twelve of them were later sentenced.

The version available on the internet seems to be related to the 2009 elections, as it contains data on citizens that were over 18 years of age at that time. The government was quick to blame, at the same time, both the largest opposition party (CHP) and its arch-rival Fethullah Gülen, a US-based cleric, for leaking the database. It is currently considering not giving electorate data to the parties in future elections. The opposition party responded that this was nonsense and that it was only one of the 30 parties that received the database. According to CHP, this accusation is an indication of the intention of further fraud by the ruling party AKP by keeping information from them.

As a potential ticking bomb, all health records such as doctor visits, treatments, health tests and medicine prescribed for all citizens are also kept in a central database in Turkey. This is permitted by the new Data Protection Law and any similar breach of that database will have even more serious consequences in future.

Personal data of 50 million Turkish citizens, incl Erdogan’s reportedly leaked online (04.04.2016)
https://www.rt.com/news/338409-personal-data-turkey-leaked/

Personal details of 50 million Turkish citizens leaked online, hackers claim (04.04.2016)
http://www.telegraph.co.uk/news/2016/04/04/personal-details-of-50-million-turkish-citizens-leaked-online-ha/

Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens (05.04.2016)
http://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/

Correction: Turkey-Data Leak story (06.04.2016)
http://bigstory.ap.org/article/0d88b2c4311a464587a485ad56ac986e/data-nearly-50-million-turks-allegedly-leaked-online

Turkey launches inquiry into leak of 50 million citizens’ data (04.06.2016)
http://www.reuters.com/article/us-turkey-cyber-idUSKCN0X31ZK

20 Apr 2016

The lobby-tomy 5: legal help or political choices?

By Guest author

Is legal help always objective? Writing laws is a complicated process. A frequently used lobby strategy involves offering “legal help” and arguments that promise legal certainty. Parties claim to make no substantive choices for policy makers, but is that really the case?

The new European data protection regulation is the most lobbied piece of legislation thus far because the subject is very important and touches upon almost every aspect of our daily lives. Therefore Bits of Freedom used the Dutch freedom of information act to ask the government to make public all the lobby documents they received on this new law. We published these documents on the Bits of Freedom website with our analysis in a series of blogs. Which parties lobby? What do they want? What does that mean for you? We have now translated these nine blogs into English for the EDRi-gram. This is part 5.

Drafting legislation is a complicated process, in particular where it concerns laws of this magnitude. An additional issue is that the subject matter is often technical in nature. This means that policy makers actively seek the help of experts. It also means that any offered help is very welcome.

Technical amendments

Parties offer that help happily. The Dutch employers’ federation VNO-NCW offers the Dutch Permanent Representation (perm rep) its expertise in a 76-page letter. The letter contains “technical amendments.” In other words, matters that according to them are not political. It concerns the correct legal articulation of an article, but also other choices: how access requests should be answered (“that they should be answered is without question”).
The letter contains a lot of legal fine tuning. For example, the employers’ organisation corrects the point regarding the obligation to provide information to people, explaining that this should happen in “a notice” and not in “a policy” which is written into the regulation. That is a justifiable correction: after all, you’re not sending policies to people, but a notification that contains that policy.

However, it appears choices are made that go one step further than mere legal fine tuning. In one article for example, they edit the text to say that an organization may process information for a legitimate interest or for “that of a third party.” That makes the article much broader in scope. Although they state that this would be a return to the previous privacy directive, it concerns choices that are controversial. They also write that it should be left to organisations themselves how they answer information requests (electronically or not?), but that also exceeds mere legal fine tuning. In yet other articles they talk about diminishing the “burdens” on companies – which frames the issue in very negative terms. Even though this can sometimes be a good thing, it isn’t necessarily neutral.

Clarification

TechAmerica Europe (an organisation which acted on behalf of tech companies with American roots) also offered some clarifications in an email to the perm rep and the ministry of justice. They mention a misunderstanding about profiling, in which they think the intention behind the article hasn’t been addressed properly. The text at the time said that people only have to be informed about profiling if it has a “significant effect” on them and that only then they should be offered an opt-out. This means that the protection this article grants applies only in limited cases, because of its low threshold. However, they want to change the wording “significant effect” into “severely affects.” This would mean you would only have to offer an opt-out from profiling if it has really severe consequences. This makes the protection offered by this article much more difficult to apply. About the original text they say:
“We reject this idea, and believe that the intention of the Article is to focus on clearly unfair or discriminatory practices such as the denial of insurance cover.”

Oh really? Many different organisations, including us, would disagree with that. To us, this article is about allowing people to know that personality profiles are being developed about them and allowing them protection from this. Furthermore, it would be difficult to prove “severe consequences” in this context, which would drastically limit the protection the article offers.

Legal certainty

Closely tied to this legal help is the concept of legal certainty. It means you should be able to trust a clear interpretation of the law, instead of encountering surprising interpretations that could cost you either freedom, money, or something else. In other words: legal certainty is important for businesses and citizens alike.

This legal certainty isn’t always there in the regulation. The law aimed to harmonise all privacy legislation in Europe. The current text however has many exceptions allowing the member states of the European Union to regulate areas themselves or allowing the Commission to adopt further clarifying measures (called delegated and implementing acts).

IBM justly makes some remarks about this in a letter to the ministry of economic affairs:
“The final text must, then, provide for a high degree of legal certainty and predictability. With its [49] delegated and implementing acts, the draft does anything but.”

But IBM extends this legal certainty to the obligations put on businesses.
“Newly proposed obligations are too vague or too complex to be properly understood – or complied with. New constraints on implementation would remove the flexibility European businesses need to innovate and thrive. Nor are IBM’s concerns limited to the information technology sector in which we participate.”
They make a connection between legal certainty and obligations. IBM wants more flexibility. But that would make it more unpredictable for people. How would people be able to tell which obligations apply to companies and whether they stick to those obligations?

Industry lobbying ultimately led to the final text of the General Data Protection Regulation having significantly more national exceptions than the preceding legislation had articles – a case of politicians learning the hard way that lobbyists don’t always know what they want.
It shows that although offering legal help can be necessary, it can also be abused.

To be continued.

Want to continue reading about this? On the Bits of Freedom website, you can find all the lobby documents and the analysis. The next part is about the “not in my backyard” argument.

For the series of blogs and documents, see the Bits of Freedom website
https://www.bof.nl/category/lobby-tomie/

Email VNO-NCW en MKB Nederland to Dutch perm rep (06.03.2013)
https://www.bof.nl/static/lobby-tomie-documenten/EU/20130306-056-vnoncw-mkb-nederland.pdf

Email by TechAmerica Europe to Dutch perm rep (15.01.2014)
https://www.bof.nl/static/lobby-tomie-documenten/EU/20140115-028-tech-america-europe.pdf

Letter by TechAmerica Europe to ministry of justice (14.01.2014)
https://www.bof.nl/static/lobby-tomie-documenten/VENJ/20140114-023-techamerica.pdf

Letter by IBM to ministry of economic affairs
https://www.bof.nl/static/lobby-tomie-documenten/EZ/00000000-11-ibm.pdf

(Contribution by Floris Kreiken, Bits of Freedom)

20 Apr 2016

Trilogues: the system that undermines EU democracy and transparency

By Maryant Fernández Pérez

Most of the legislation of the European Union (EU) is today adopted using an informal, non-democratic, non-accountable and non-transparent process. This mechanism is known in the EU bubble as “trilogues” or “trialogues”. Trilogues are a set of informal negotiations between the European Parliament, the Council of the European Union and the European Commission to fast-track legislation, with a view to reaching early agreements on legislation.

The EU body in charge of fighting against maladministration, the European Ombudsman, decided to open an investigation to assess the need for a trilogues reform. As part of this inquiry, she opened a consultation to ask the public about its opinion and experience regarding the transparency of trilogues. On 31 March, EDRi submitted its response, where we ask for an urgent reform of trilogues, echoing the concerns voiced by an open joint civil society letter sent to the three institutions.

Trilogue negotiations are worrisome mainly because

  • only a very limited number of participants negotiate for over 500 million people and their names are usually not disclosed;
  • negotiations are conducted behind closed doors;
  • trilogue documents are not released to the public as a general rule;
  • access to trilogue documents is often denied, as evidenced in EDRi’s freedom of information requests for the trilogue documents of the Telecoms Single Market Regulation (the regulation dealing with net neutrality in the EU), for example;
  • trilogues are subject to undue and undisclosed external pressure. Lobbyists can gain insight into trilogue negotiations if they become friendly with the negotiators. What about the general public? Wouldn’t you also like to have access to documents that will likely affect your life?
  • trilogues profoundly undermine and weaken the position of the only directly democratically-elected institution in the EU, the European Parliament;
  • the process strips the decision-making process of accountability, because secrecy hides how the agreements are reached.

A reform of trilogues should seek to solve these problems. In our response, EDRi emphasises that this would not only benefit EU law-making, but would also contribute to greater legitimacy, integrity, accountability and scrutiny of the legislative work the EU institutions are conducting.

We eagerly look forward to seeing the results of the consultation and the European Ombudsman’s recommendations to end unaccountable, undemocratic and non-transparent law-making in the EU. EDRi and 19 other civil society organisations are still waiting for the Council of the European Union to respond to the letter sent to the Commission, Parliament and Council in September 2015. So far, only the European Commission and the Parliament have responded, albeit unsatisfactorily. The Council is the least transparent of the three. Stay tuned for new developments.

EDRi’s response to the European Ombudsman’s public consultation on the transparency of trilogues (31.03.2016)
https://edri.org/files/transparency/TriloguesConsultation_EDRiresponse.pdf

EDRi: Civil society calls for reform of trialogues in a letter to EU Commission, Parliament and Council (30.09.2015)
https://edri.org/civil_society_calls_for_reform_of_trialogues_in_letter_to_eu_commission_parliament_and_council/

EDRi: Better Regulation Interinstitutional Agreement – we have concerns! (21.12.2015)
https://edri.org/better-regulation-interinstitutional-agreement-we-have-concerns/

(Contribution by Maryant Fernández Pérez, EDRi)
