Archive | July, 2016

Twitter censoring Milo Yiannopolous

The decision to unperson Yiannopoulos was done in secret in some hidden Twitter office, no doubt one with cheerful Twitter blue birds on every wall. His “suspension” was retroactive: His past posts—virtually all of which were once regarded as acceptable—have been vanished just as much as any problematic ones.

It is unclear which was the straw that broke the camel’s back. Nor is it clear which were the past straws. Twitter’s only statement regarding Yiannopolous’s ban was a reiteration of its terms of service, which is akin to reading the criminal code aloud when someone is accused of a crime. There is, however, a very profound difference here. Twitter does not have a Soviet monopoly on the media. It is still largely open to criticism, both on the platform itself and in other venues. This is not a First Amendment issue. But it still remains, quite obviously, an issue. Twitter’s Stalinist Unpersoning of Gay Provocateur Milo Yiannopolous »


ECJ Advocate General on data retention: Strict conditions must apply

Data retention (collection of data about everybody’s phone calls, text messages, e-mails, internet connections and mobile positions) may only be used to combat serious crimes – and only if there are no other options (such as using surveillance only against people who are actually suspected of criminal activities).

This is the essence of the European Court of Justices Advocate Generals recommendation in some ongoing cases about data retention.

From the press release (PDF):

The Advocate General is of the opinion that a general obligation to retain data may be compatible with EU law. The action by Member States against the possibility of imposing such an obligation is, however, subject to satisfying strict requirements. It is for the national courts to determine, in the light of all the relevant characteristics of the national regimes, whether those requirements are satisfied.

First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.

Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.

Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.

Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights.

Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland (5) as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.

Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime.

Here it is important to remember that the ECJ revoked the EU Data Retention Directive – the document all member states data retention is built upon – in the spring of 2014. This because it violates fundamental human rights, such as the right to privacy. So it is hardly possible to stick to any direct adaptations of the fallen directive.

One thing that seems to be clear is that data retention cannot be used to investigate minor crimes (e.g. illegal file sharing). And it cannot be used for non-criminal proceedings (e.g. by local councils and tax authorities). The infringement of privacy is massive with data retention. It must be in proportion to the seriousness of the suspected crime.

Point four (“which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights”) is also interesting. Of course, there are other measures – like only using surveillance against people suspected of criminal activities, instead of the entire population.

Later this fall the ECJ will give its final verdict. But it usually follows the Advocate Generals recommendations.

• ECJ press release (PDF) »
• The Advocate Generals recommendation, full text »
• EDRi – European Court confirms: Strict safeguards essential for data retention »
• Falkvinge – European Supreme Court says “Maybe” to mass surveillance of innocents »


The democratic forces

The Turkish affair ought to be food for thought.

A country steadily being lead away from democracy by a democratically elected sociopath. Or the military overriding democratic elections – allegedly to restore safety and – ta-da! –democracy.

Both scenarios are disturbing.


Democracy is a system where power ultimately lies with the people. It is a form of co-existence where the risk for aggression from others and from those in power is reasonably low. I like that.

The problem is – at the same time – democracy is an awful and perverse system. It promotes power struggle instead of the public good. It implies force and it is corrupt. Literally, anything can be done to anyone in a democratic way. And it often is, with horrifying results.

But all alternatives are worse. Sorry to say. Like it or not, this is what we got. Democracy is a life raft for the people. We should use it.

Another problem is, democracy is not done the proper way anymore. If power is to be given to someone by the people – this is not a carte blanche for behaving badly or overly greedy. The idea is not that some should rule over others, but for others.


For democracy to work there must be a free flow of thoughts, opinions, ideas, news, facts, data, theories and creativity.

Well, the EU just outsourced to Twitter, Youtube, and Facebook to censor information (“content”) that is deemed to be objectionable (by unknown people and unknown rules). Without the dignity of prior legal formalities. And this is in a spooky way done with the best of intentions, by nominally good people.

This is to curb free speech. You do not do that. Ever. Period. (But, of course, they do. All the time.)


Citizen’s civil rights are taken away, piece by piece. Day after day.

You only hear politicians tell us why “we” must reduce and infringe citizens rights, because of… But you never hear them talking about enlarging or deepening democracy. You never see them giving power and civil rights back to the people. It seems to be a non-reversible process.

This is creating a poisonous intellectual climate.

When there is no open, living debate about deeper democratic values in society… Don’t be surprised if the people takes its eye off the ball, as well. Exit: Liberal Western civilisation. Entry: Pokemon Go!


But we are not doomed. Democracy can still be saved. We can enter an era of peace, love, and understanding. And wealth. If we act up, and behave like adults. If we win back democracy by participation. If we are willing to give reason and logic a fair chance. If we cooperate on a truly open and free market with the same set of rules for all. If we respect each other. Like it ought to be.

Some despair, because people are not organised. Well – you don’t have to be. Just stand tall and defend democracy and its values such as individual liberty, free speech, the rule of law, transparency, respect for minorities (political as well as ethnic) and freedom of religion and organisation. Always. Make it a priority.

Let use spontaneous human interaction to save democracy! Because… what is the alternative?



Fighting the roots of terrorism

“Dropping bombs on oil refineries or conducting unmanned aerial vehicle strikes against jihadist leaders is easy. By contrast, building strong institutions that can resist corruption and govern fairly and justly is far more difficult. The very failure to build such institutions has given rise to resurgent jihadism in Afghanistan, Iraq, Egypt, Algeria, Libya and Mali.

For citizens of corrupt, repressive or even kleptocratic states, jihadism’s utopian message resonates far more loudly — just as Marxism’s did. It is no coincidence that despite their best efforts, the KGB and its affiliated intelligence services found little success in fomenting insurgencies in parts of the West with good, honest governance. The seeds that the communists planted never grew and flourished as they did in places where inept or repressive regimes held power.”

Link: What The Cold War Can Learn Us About Jihadism »


UK Brexit Minister in ECJ court case against UK government on privacy

This is unusual.

The new UK “Brexit minister” David Davis is involved in a court case in the European Court of Justice (ECJ) – suing the British government over personal data rights.

Furthermore, the law he is challenging was introduced by his new boss, Prime Minister Theresa May, during her time as Minister for Home Affairs.

“The choice of Mr Davis is a remarkable one in some ways. A sincere civil libertarian, as well as a pro-Brexit campaigner, he is one of a group of claimants suing the UK government at the European Court of Justice to enforce EU law on an allegedly non-compliant UK in respect of personal data rights. This case — which is reliant on the very charter of fundamental rights loathed by many in his own party — has already seen a decision of the high court saying an act of parliament was incompatible with EU law (though this was not upheld on appeal, it was referred to the ECJ instead).”

FT: David Davis, Brexit and the shapelessness of things to come »


And now… automated web censorship

Automated systems to identify child abuse material (and flag it for removal) on the Internet is now going to be used to combat “extremist” and “hateful” content on social media.

“However, the definition of “extremist content” is everything but clear; CEP’s algorithm does not (and logically cannot) contain this definition either. Even if it were to use a database of previously identified material, that still would create problems for legitimate quotation, research and illustration purposes, as well as problems regarding varying laws from one jurisdiction to another.”

“The Joint Referral Platform has the potential to automate Europol’s not-formal-censorship activities by an automatic detection of re-upload. However, it remains unclear whether any investigative measures will be taken apart from the referral – particularly as Europol’s activities, bizarrely, do not deal with illegal material. There is obviously no redress available for incorrectly identified and deleted content, as it is not the law but broad and unpredictable terms of service that are being used.”

What could possibly go wrong..?

EDRi: Algorithms – censorship à la carte? »


FAQ: EU-US Privacy Shield

“There are a few improvements, the most obvious being on the purpose limitation and the duration of data retention by private companies. But even here, the EU standard that data can only be stored as long as this is “necessary” is watered down to “relevant”. Of course, any data can be relevant for the company, but that does not mean it meets the necessity test.”

“At the very least, it should get a sunset clause and expire in two years, when the new EU data protection rules have to be applied. The negotiations should in the meantime continue with the next US administration, which also should amend its laws in the next two years. I know this is difficult given the current situation on Capitol Hill in Washington, but we can’t give US companies such privileged access to EU data transfers market if they don’t follow our standards.”

“All I have seen is a funny attempt to define “bulk collection” as not being “mass surveillance”. The US government is still allowed to do bulk data collection in at least six cases, including gathering “foreign intelligence information”, which can be information on anything from illicit arms trade to legitimate trade agreement protests.”

German Green MEP Jan Philipp Albrecht on the EU-U.S. Privacy Shield.

Link: EU-US “Privacy Shield” – Background and Frequently Asked Questions (FAQ) »


EU-US Privacy Shield adopted by the EU despite privacy flaws

The much criticized EU-U.S. Privacy Shield agreement concerning data protection for personal data transferred from the EU to the U.S. has – as expected – been approved by EU member states.

• Statement by Vice-President Ansip and Commissioner Jourová on the occasion of the adoption by Member States of the EU-U.S. Privacy Shield »

• Privacy Shield data pact gets European approval »

• EU-U.S. commercial data transfer pact clears final hurdle »

• New Privacy Shield Could Face Legal Challenge in Europe, Experts Say »

• Official: Privacy Shield dragged across finish line »

Most likely this agreement will end up in the European Court of Justice – as it is suffering from many of the same shortcomings as its predecessor, the Safe Harbour agreement. The latter was invalidated by the court for violating citizens rights to privacy.


Cyber war capabilities and mass surveillance

We definitely need cyber defence capabilities. Foreign powers, terrorists, and criminal networks have the capability to harm key functions in our societies.

We also need capacity for offensive cyber operations. No doubt, this will be a part of tomorrow’s conflicts and there is an ongoing cyber war arms race. Several western countries affiliated with NSA is adapting to this. (E.g. Sweden has recently made changes to legalise offensive operations, that according to the Snowden documents are already in place.)

First of all, the threshold for cyber attacks is lower than for conventional military conflicts. At the same time, most countries have made it clear that they will consider cyber attacks as an actual act of war. So there are reasons to tread carefully.

This is a grey area. It is difficult to be sure if a cyber attack originates from another nation or a criminal or terrorist organisation. In the same way, it is difficult to know who you engage in defensive or offensive cyber operations. Things might easily escalate.

Second, there is no clear line separating conventional mass surveillance and cyber warfare. One can easily spill over into the other. The lines are muddled. The rule of law can easily be circumvented by labelling surveillance that would be illegal in “civil” law enforcement as secret “military” operations.

Third, cyber warfare capabilities are frequently outsourced to private contractors. This will make it even harder to uphold democratic oversight and accountability.

I would argue that one major problem with cyber warfare capabilities is that they might be used to conceal domestic intelligence operations outside the realm of the law.

This calls for vigilance.


Statewatch » Council documents: responses to offensive cyber operations; “cyber capacity building” in non-EU countries; implementation report on Cyber Defence Policy Framework »