European Parliament: Parliament backs EU directive on use of Passenger Name Records (PNR) »
Archive | EU
Next step in EU court case on Data Retention will be July 19
By HAX on April 13, 2016 in Big Brother, Data Retention, ECJ, EU, Human rights, surveillance, Sweden, UK
Very little has been known or reported from yesterday’s hearing on data retention in the European Court of Justice (ECJ).
The hearing was conducted as a part of British and Swedish cases – arguing that data retention in the respective countries should end, as a consequence of the ECJ ruling in 2014 overthrowing the EU Data Retention Directive.
As data retention is found to be in breach of human rights on an EU level, the same should apply on a national level – the argument goes.
I will try to find out more about yesterday’s hearing. And if you find any links, please post them in the comments to this blog post.
The next step in this affair is said to be the Advocate Generals recommendation to the court – to be delivered July 19. (Normally the ECJ will follow this recommendation. But the process is slow, taking several months more.)
/ HAX
European court to consider legality of UK surveillance laws
“Blanket retention of communications data, without suspicion, creates a honeypot of information for criminals and hackers, and this case will have implications for personal privacy and the security of individual personal data.”
The Guardian: European court to consider legality of UK surveillance laws »
Update, also see:
The Guardian: MP calls for limit on UK surveillance powers as EU test case opens »
Fierce legal battle over data retention in Sweden
There is a rather interesting legal battle concerning data retention going on in Sweden. Parties are the ISP Bahnhof and the government oversight authority Post- & Telestyrelsen (PTS).
Two years ago, to the day, the European Court of Justice (ECJ) invalidated the EU data retention directive — stating that it is in violation of human rights, especially the right to privacy.
However, in Sweden data retention continues — under a cross-party political consensus. This is to be tried in the ECJ, but is still an open issue.
Meanwhile, Swedish police (and other authorities) are using data retention to demand information about Internet users and their activities from the ISPs.
Referring to the ECJ verdict, the ISP Bahnhof, has refused to share information about minor crimes with the police. After all, data retention was supposed to be about terrorism and other serious criminal activities.
To share information from data retention, Bahnhof requires that the police confirm that it will only be used for investigating serious crimes according to relevant Swedish legal definitions. And Bahnhof demands this information from the police in writing.
The police is not happy about this. Not at all. So it has asked PTS to investigate what can be done. This leading to PTS slamming Bahnhof with a penalty of five million Swedish kronor (some 550.000 euros) if not compliant.
Now, we shall remember that there still is an open case about Swedish data retention in the ECJ. Also, a Swedish administrative court has asked the ECJ for guidance when it comes to the Bahnhof case.
This has lead Bahnhof to ask the Stockholm lower administrative court (Förvaltningsrätten) for inhibition of the PTS decision concerning the fines mentioned above.
Now, this court has granted Bahnhof inhibition — until it has reached a final verdict after careful investigation in the wider context of data retention. However, PTS still can appeal against the inhibition. If so, the case will move up the three-tier Swedish administrative court system.
The bottom line is that a relatively small ISP — backed up by the first ECJ ruling — is prepared to take a fight against the government on data retention. And that the Swedish government is trying to circumvent the ECJ verdict, to maintain mass surveillance.
This is a story to be continued.
/ HAX
Disclaimer: The 5:th of July-foundation, running this blog, is the VPN provider for Bahnhof (and others). Bahnhofs lawyer is also a member of the board of the 5:th of July foundation.
European Parliament to approve PNR next Thursday
By HAX on April 7, 2016 in Big Brother, Civil liberties, Data Protection, EU, PNR, Privacy, surveillance, War on Terror
The European Parliament will have what is believed to be its’ final vote on EU Passenger Name Record (PNR) in Strasbourg next Thursday, April 14.
For years, the Parliament has tried to stop registration of sensitive personal information related to air travel. But after the latest terrorist attacks, pressure has mounted, and everything suggests that the dossier will be approved during next week’s session.
From the European Parliaments webpage:
Passenger Name Record (PNR) data is information provided by passengers and collected by air carriers during reservation and check-in procedures. Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they also collect and process PNR data from their customers.
PNR data include several different types of information, such as travel dates, travel itinerary, ticket information, contact details, baggage information and payment information.
Parliamentarians have had serious concerns about the impact of PNR on fundamental rights and data protection.
Now he PNR dossier is said to be voted together with the EU Data Protection package – at least allowing some coordinated approach.
Formally, EU PNR is about information regarding passengers arriving on flights from non-EU countries. But there is no doubt this will also apply to intra-EU flights.
So, governments will store information about all of people’s air travel, in detail. This is to be added to information about e.g. all of our telecommunications and our bank transactions. The grip tightens.
(It could have been even worse. Earlier on in the process, the U.K. put forward the idea that all our train travel, car rentals, and hotel stays should also be registered. But I guess they decided to take this one step at a time.)
If nothing short of a miracle occurs, next Thursday the EU will take its’ next step towards Big Brotherism.
/ HAX
Links:
• EP: Final votes on PNR and data protection package »
• News on PNR from the EP (16 July 2015) »
• EP: Much Ado About PNR (19 Jan. 2015 »
• EP: EU Passenger Name Record (PNR) proposal: an overview (14 Dec. 2015) »
• MEPs refuse to vote on PNR before Council strengthens data protection (9 March 2016) »
ECJ to rule in favour of linking?
Linking to pirated content that is already available to the public can not be seen as copyright infringement under the European Copyright Directive. This is the advice Advocate General Melchior Wathelet has sent to the EU Court of Justice, in what may turn out to be a landmark case.
TorrentFreak: Linking to Pirated Content Is Not Copyright Infringement, Says EU Court Adviser »
A European FBI? Really?
By HAX on March 27, 2016 in Big Brother, Big Government, Civil liberties, Democracy, EU, FBI, Intelligence, Rule of law, Snowden
Somewhere on the Internet, someone wrote “The purpose of terrorism is to provoke the target government into curtailing civil liberties, so more people become radicalized.”
Close enough. Google “the purpose of terrorism”. The Internets is full of thought-provoking discussion about what the fuck is going on. Or at least, opinions about it.
Terrorism is a wide specter, in many ways. Now, we are waiting to find out how governments are going to react to the Brussels attacks. They will. They have to. That is what politicians do. But… how should they react?
It happens to be that national governments are catastrophically bad at sharing information with each other. At least, when it comes to information that might be a bit sensitive. They simply cannot let everyone else in on everything. They will not do that.
And the EU can do nothing. (I’m not saying that the EU should, absolutely not – but it is noteworthy that it can not. National security is strictly national competence. That’s the rule.)
So there is this bold idea floating around: A European FBI.
In other words, a federal and centralized European police. All information would belong to an EU institution in some Belgian suburb. It would have its nose in everything. Like they say in American crimis… “Oh, shit. The Feds are here.”
Newer the less, it would be a radical way to get all of the European police in line, I guess. And think about all the money they can save by having a common European police uniform.
On the one hand, it is obvious that someone must make national government’s security agencies share relevant information — about common enemies, at least.
On the other hand, who should handle this? Not the Commission itself, I hope. So, give it to Europol, they will say. And right there we also need to give Europol full operative authority in all EU member states.
Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens. We do this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.
— Europols boilerplate
Europol is largely a post-macho bureaucracy, with some support for member states in need to coordinate specific work and operations. But it’s not very operative in itself. (Europol didn’t even bother to look into the possibility that the NSA hacked the SWIFT bank transaction system, mentioned in the Snowden files. Not even after being asked about it by media and in the European Parliament.)
Should we put these people in charge of running European police? I’m not even sure that Europol would like to. They lack the ambition.
Maybe something… new! And there you have it: Europolice. The only police you will ever need.
Then anything can happen. There will be disasters like a centralized procurement process for toilet paper to all European police stations. There will be a federal authority running its own investigations parallel to local law enforcement. And federal crimes must be handled in a unified way across all of the EU — how do you make that happen?
There will have to be field offices in cities all over the continent, with a partly international crew.
Europolice: Keeper of all information. Online with all national records. Connected to the mass surveillance network. Bureaucracy with operative authority. A single point for failure. Under at best vague democratic oversight.
Are you really sure about doing this?
/ HAX
ECJ to rule that providing open internet connection is not a crime?
In a recommendation the Advocate General to the European Court of Justice (ECJ) states that business who provide free, open Wi-Fi to customers should not be responsible for copyright infringements carried out on their network.
But there might still be national restrictions. Glyn Moody at ArsTechnica:
However, the Advocate General ruled that national courts may issue injunctions against the provider of free Wi-Fi services in the case of copyright infringement provided they are “particular, effective, proportionate and dissuasive”; and “that they are aimed at bringing a specific infringement to an end, and do not entail a general obligation to monitor.” Moreover, courts must strike a fair balance between “freedom of expression and information and the freedom to conduct business, as well as the right to the protection of intellectual property.”
The Advocate General goes on saying that there need to be no obligation to secure an open network with a password. It might even be possible that a shop or a café providing open Wi-Fi might be covered by the mere conduit principle. (Under the mere conduit principle of the EU E-Commerce Regulations of 2002, network operators have no legal liability for the consequences of traffic delivered via their networks.)
Now it is up to the ECJ to draw its final conclusions. But the court normally rules in line with the Advocate Generals recommendations.
This is good news for an open, creative society where people work and use their devices in public establishments. Providing free internet connection should not be a crime.
ArsTechnica: Free Wi-Fi providers not liable for user’s piracy, says top EU court lawyer »
/ HAX
“EU-US Privacy Shield must be sent back to negotiators”
A group of leading digital rights organisations on both sides of the Atlantic has called for the Privacy Shield arrangement between the EU and US to be sent back to the negotiators. In a letter to senior EU officials, the group says that without “substantial reforms” to ensure protection for fundamental rights of individuals, the Privacy Shield will “put users at risk, undermine trust in the digital economy, and perpetuate the human rights violations that are already occurring as a result of surveillance programs and other activities.”
ArsTechnica: Privacy Shield deal must be sent back to negotiators, say digital rights warriors »
EU and the crypto war
So, where does the EU stand on politicians, law enforcements and intelligence organisations war on encryption?
It is still an open question, to be decided in the e-Privacy Directive.
What is this — and didn’t the EU just set out the framework for data protection? Diego Naranjo at EDRi explains…
“Did you think the data protection reform was finished? Think again. Once the agreement on the texts of the General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) was reached, the e-Privacy Directive took its place as the next piece of European Union (EU) law that will be reviewed. The e-Privacy Directive (Directive 2002/58/EC on privacy and electronic communications) contains specific rules on data protection in the area of telecommunication in public electronic networks.”
Here issues such as cookies, government trojans and encryption back doors should be addressed.
So far, this process has attracted very little attention from the public, the media, the industry and internet activists. Nevertheless, these issues are essential when it comes to citizens right to privacy.
While the Apple vs. FBI case in the US is all over the media — what’s going on in the same field in the EU is more or less ignored.
While most EU politicians have held a low profile about encryption backdoors so far, the matter of government trojans already is an existing and very real cause for worry.
The French have since long been suspected to use malware (e.g. Babar, Bunny, Casper, Dino, NBot and Tafacalou) and will most certainly move ahead in its’ new cyber-security strategy. In Germany the government just approved the usage of trojans by federal agencies. And countries like Sweden are fast-tracking legislation in this field.
It is important to remember that this is not “only” about phone calls, text messages and e-mails. With trojans on your phone, tablet or computer — the government can access everything you do. What you write. What you google. Your online banking. Your social media activities. Dating apps that you might use. Your contacts. Your private pictures. Your business plans. Your health apps. You name it…
So we better get busy while it’s still possible to influence the political process.
Don’t let the EU get away with keeping this dossier under the radar. Please.
/ HAX
EDRi: Data Protection Reform – Next stop: e-Privacy Directive »