Category: Data Protection

On TTIP, CETA, free trade and a free and open Internet

I’m a free marketeer. I believe that free trade would be hugely beneficial for all.

I also believe in a free and open Internet. Especially as it provides a level playing field on which entrepreneurs from all over the world can join a global market, 24/7.

And I’m not at all happy with politicians and bureaucrats trying to force me to choose between the two.

The CETA (EU-Canada) and TTIP (EU-US) trade agreements are problematic. CETA will undermine Europeans right to data protection and privacy online. The same goes for TTIP, which also might contain intellectual property regulations undermining the principle that Internet service providers are not responsible for what their customers are up to in their cables (the mere conduit principle). That would have huge implications, leading to a strictly controlled Internet where everything you are up to must be approved in advance. When it comes to TTIP, we still have no comprehensive information about what is going to be included or not when it comes to IP – as negotiations are carried out behind closed doors.

Also, the ISDS mechanism in these trade agreements will make a much needed and long overdue copyright reform impossible.

But then, again, these trade agreements are not really about free trade. They are about »harmonizing« rules and regulations. So, they are really about regulating trade.

If you want free trade, all you have to do is to get rid of customs fees and other trade barriers. That would benefit us and all of the humanity greatly. But that is not what the politic and bureaucratic elite hope for. They want to regulate and control. The EU even has a special sub-bureaucracy for »trade defense«.

So, I don’t buy into it when they claim that these »free trade agreements« are about free trade.

I’m standing with free trade. And I’m standing with a free and open Internet. It is perfectly possible and logical to combine these standpoints with being critical to CETA and TTIP.

/ HAX

CETA and your privacy

Thanks to the Snowden revelations, it was proven that Canada was conducting mass surveillance activities within the so-called “Five Eyes” arrangement. If brought to court, as the Austrian student Max Schrems did with the EU-US agreement on transfer of personal data (the “Safe Harbor agreement”), the adequacy status given by the EU could be overturned. However, if CETA is ratified, the EU would be prohibited from protecting personal data in this way.

EDRi: CETA puts the protection of our privacy and personal data at risk »

ECJ: Worldwide privacy class action against Facebook

A worldwide class-action privacy lawsuit against Facebook, initiated by Max Schrems, has been referred to Europe’s top court. (…)

Schrems first brought his suit in 2014, and accuses Facebook of breaking EU privacy law in multiple ways, including supporting the NSA’s Prism surveillance program. Later, 25,000 Facebook users from around the world—except those in the US and Canada, where different rules apply—joined Schrems in a class action under Austrian law by assigning their rights to him.

Ars Technica: Worldwide privacy class action against Facebook heads to EU’s highest court »

Facebook turning WhatsApp to the Dark Side of the Force?

Under the new user agreement, WhatsApp will share the phone numbers of people using the service with Facebook, along with analytics such as what devices and operating systems are being used. Previously, no information passed between the two, a stance more in line with WhatsApp’s original sales pitch as a privacy oasis.

Wired: WhatsApp’s Privacy Cred Just Took a Big Hit »

“Only at the end do you realize the power of the Dark Side.”

The gatekeepers are dead. Long live the World Wide Web!

Information is power, control, and supremacy.

Until recently the tools for mass communication were expensive and in the hands of a small number of gatekeepers. Then, the price rapidly fell towards zero. With the Internet and the World Wide Web (that just turned 25 years old) anyone can communicate with the world by words, pictures, sound, and video – 24/365 – on a shoestring budget.

Still, people need to know about you. So fame, reputation, and status are factors to take into consideration. But content, quality (in some sense) and virality is the new gold standard.

This has upset the people who used to be in power, like bigwig politicians. They used to have their press releases copy-pasted into the media news flow without too much hassle. Today they still are visible in the slowly dying mainstream media. But on the Internet, they have to compete for attention with everybody and everything else.

Also, media proprietors, the copyright industry and the big brick and mortar chains are upset – just to mention a few.

It could have been very different.

Tim Berners-Lee – who invented the Hypertext Transfer Protocol (HTTP) together with his friends at W3C at Cern – decided not to patent this method of connecting the dots in the Matrix, but to give it to the world.

Alternatively, the Internet could have been in the hands of a few: Microsoft, Times Warner, Disney, Universal and some television conglomerates. It could have been compartmentalized with different protocols, specialized gadgets and used mainly to send information rather than allowing interaction.

Probably, there would also have been some sort of popular alternative run by enthusiasts – but it would have nothing like the impact of the WWW, where everybody interacts on the same platform.

Still, there are those who try to turn back time and change the outcome. This is the underlying context of the copyright war, the rationale behind political initiatives like ACTA, and an issue where Big Government and Big Business have coinciding interests.

At the same time, the Internet changes other markets like transportation and the hotel business. There is an emerging sharing economy. The Internet of things will change our lives in unforeseen ways.

The other side of the coin is that this technology might invade our privacy and be used for mass surveillance and political control.

This is a mix of spontaneous development (that politicians should keep away from) and some very political questions about privacy, data protection and the relation between citizens and the government.

A free and open Internet will provide endless possibilities and progress. And it will need Internet activism to stay free and open for all. That is, for instance, what this blog is all about.

/ HAX

European Data Protection Supervisor: Ban encryption backdoors

According to TechDirt, a report from European Data Protection Supervisor (EDPS) Giovanni Buttarelli argues for a ban on encryption backdoors.

Excellent.

But that is not all…

The new rules should also clearly allow users to use end-to-end encryption (without ‘backdoors’) to protect their electronic communications.

Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

That is taking the issue far. Very far. Maybe so far as to kill the report altogether in the EU institutions.

I cannot imagine politicians prohibiting all forms of attempted decryption, under all circumstances. Europol would go bananas. The EPP and S&D groups in the European Parliament would never accept it. And I imagine the Commission would never put forward such a proposal.

Just focusing on banning backdoors, however, is a totally different issue – that might stand a fair chance to become EU policy.

Then we have this…

In this context the EDPS also recommends that the Commission consider measures to encourage development of technical standards on encryption…

This could be understood as the EU encouraging encryption in general. That would be a good thing. Or as if the EU should take some sort of control over the development of encryption. That would be really bad.

Frankly, I’m not sure what to make of parts of this report.

But, at least, this is a clear stand against backdoors – from an EU data protection bigwig.

/ HAX

TechDirt: EU Data Protection Official Says Revised Privacy Laws Should Ban Backdooring Encryption »

ECJ Advocate General on data retention: Strict conditions must apply

Data retention (collection of data about everybody’s phone calls, text messages, e-mails, internet connections and mobile positions) may only be used to combat serious crimes – and only if there are no other options (such as using surveillance only against people who are actually suspected of criminal activities).

This is the essence of the European Court of Justices Advocate Generals recommendation in some ongoing cases about data retention.

From the press release (PDF):

The Advocate General is of the opinion that a general obligation to retain data may be compatible with EU law. The action by Member States against the possibility of imposing such an obligation is, however, subject to satisfying strict requirements. It is for the national courts to determine, in the light of all the relevant characteristics of the national regimes, whether those requirements are satisfied.

First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.

Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.

Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.

Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights.

Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland (5) as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.

Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime.

Here it is important to remember that the ECJ revoked the EU Data Retention Directive – the document all member states data retention is built upon – in the spring of 2014. This because it violates fundamental human rights, such as the right to privacy. So it is hardly possible to stick to any direct adaptations of the fallen directive.

One thing that seems to be clear is that data retention cannot be used to investigate minor crimes (e.g. illegal file sharing). And it cannot be used for non-criminal proceedings (e.g. by local councils and tax authorities). The infringement of privacy is massive with data retention. It must be in proportion to the seriousness of the suspected crime.

Point four (“which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights”) is also interesting. Of course, there are other measures – like only using surveillance against people suspected of criminal activities, instead of the entire population.

Later this fall the ECJ will give its final verdict. But it usually follows the Advocate Generals recommendations.

Links:
• ECJ press release (PDF) »
• The Advocate Generals recommendation, full text »
• EDRi – European Court confirms: Strict safeguards essential for data retention »
• Falkvinge – European Supreme Court says “Maybe” to mass surveillance of innocents »

UK Brexit Minister in ECJ court case against UK government on privacy

This is unusual.

The new UK “Brexit minister” David Davis is involved in a court case in the European Court of Justice (ECJ) – suing the British government over personal data rights.

Furthermore, the law he is challenging was introduced by his new boss, Prime Minister Theresa May, during her time as Minister for Home Affairs.

“The choice of Mr Davis is a remarkable one in some ways. A sincere civil libertarian, as well as a pro-Brexit campaigner, he is one of a group of claimants suing the UK government at the European Court of Justice to enforce EU law on an allegedly non-compliant UK in respect of personal data rights. This case — which is reliant on the very charter of fundamental rights loathed by many in his own party — has already seen a decision of the high court saying an act of parliament was incompatible with EU law (though this was not upheld on appeal, it was referred to the ECJ instead).”

FT: David Davis, Brexit and the shapelessness of things to come »