Category: Internet

ECJ Advocate General on data retention: Strict conditions must apply

Data retention (collection of data about everybody’s phone calls, text messages, e-mails, internet connections and mobile positions) may only be used to combat serious crimes – and only if there are no other options (such as using surveillance only against people who are actually suspected of criminal activities).

This is the essence of the European Court of Justices Advocate Generals recommendation in some ongoing cases about data retention.

From the press release (PDF):

The Advocate General is of the opinion that a general obligation to retain data may be compatible with EU law. The action by Member States against the possibility of imposing such an obligation is, however, subject to satisfying strict requirements. It is for the national courts to determine, in the light of all the relevant characteristics of the national regimes, whether those requirements are satisfied.

First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.

Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.

Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.

Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights.

Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland (5) as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.

Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime.

Here it is important to remember that the ECJ revoked the EU Data Retention Directive – the document all member states data retention is built upon – in the spring of 2014. This because it violates fundamental human rights, such as the right to privacy. So it is hardly possible to stick to any direct adaptations of the fallen directive.

One thing that seems to be clear is that data retention cannot be used to investigate minor crimes (e.g. illegal file sharing). And it cannot be used for non-criminal proceedings (e.g. by local councils and tax authorities). The infringement of privacy is massive with data retention. It must be in proportion to the seriousness of the suspected crime.

Point four (“which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights”) is also interesting. Of course, there are other measures – like only using surveillance against people suspected of criminal activities, instead of the entire population.

Later this fall the ECJ will give its final verdict. But it usually follows the Advocate Generals recommendations.

Links:
• ECJ press release (PDF) »
• The Advocate Generals recommendation, full text »
• EDRi – European Court confirms: Strict safeguards essential for data retention »
• Falkvinge – European Supreme Court says “Maybe” to mass surveillance of innocents »

And now… automated web censorship

Automated systems to identify child abuse material (and flag it for removal) on the Internet is now going to be used to combat “extremist” and “hateful” content on social media.

“However, the definition of “extremist content” is everything but clear; CEP’s algorithm does not (and logically cannot) contain this definition either. Even if it were to use a database of previously identified material, that still would create problems for legitimate quotation, research and illustration purposes, as well as problems regarding varying laws from one jurisdiction to another.”

“The Joint Referral Platform has the potential to automate Europol’s not-formal-censorship activities by an automatic detection of re-upload. However, it remains unclear whether any investigative measures will be taken apart from the referral – particularly as Europol’s activities, bizarrely, do not deal with illegal material. There is obviously no redress available for incorrectly identified and deleted content, as it is not the law but broad and unpredictable terms of service that are being used.”

What could possibly go wrong..?

EDRi: Algorithms – censorship à la carte? »

Next up: EU e-Privacy Directive

The EU General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) have now been approved — after being watered down as the result of an unprecedented lobbying campaign.

Next up is the EU e-Privacy Directive. EDRi explains…

The e-Privacy Directive contains specific rules on data protection in the area of telecommunication in public electronic networks. It is hugely important, as it is the only EU legislation that regulates confidentiality of communications. (…)

Specifically, the ePrivacy Directive regulates aspects related to the right to confidentiality of communications and the right to freedom of expression.

Once again, we can expect a massive lobby campaign to weaken citizens rights.

To get up to date with what is at stake, read this blog post from EDRi:

• e-Privacy Directive revision: An analysis from the civil society »

/ HAX

EU to tax links to news

Germany and Spain introduced in their legislation what some people call a “Google tax”. The idea came from the publishers. They claimed the right to get an additional copyright, “ancillary copyright”, on any news that are published online. The idea of this “tax” (that is actually not a tax) was to charge the online news sites who publish news snippets, short extracts of news, such as Google News. Even if the main target of publishers was Google News, the laws affect other similar services, for example meneame in Spain. Ultimately it could even undermine the whole concept of links to information.

The result of this “Google tax” was a complete failure: Google decided to close Google News in Spain, while in Germany everyone except Google ended up paying the “tax”. Now, even after these clear failures, the European Commission (EC) is determined to make this error a European one; it’s considering implementing the ancillary copyright everywhere in the European Union (EU) – and on an even bigger scale than in Spain and Germany.

EDRi: The “Google tax”- not a tax and Google doesn’t pay »

European Parliament in new attempt to introduce web blocking

Tomorrow the Europeans Parliaments civil liberties (LIBE) committee will vote on new EU regulation to combat terrorism.

In the committee, German MEP Monika Hohlmeier (EPP) has introduced an amendment stating that member states “may take all necessary measures to remove or to block access to web pages publicly inciting to commit terrorist offences”.

EP LIBE meeting documents »

In a comment in Ars Technica, EDRi says…

“This leaves the door wide open for private companies to police content and very likely over-block or delete any content they are unsure about,” EDRi (European Digital Rights) head Joe McNamee told Ars. He added that European law requires that any blocking or content restriction measures “must be provided for by law, subject to initial judicial control and periodic review.”

If adopted in the LIBE committee, this proposal will be voted in plenary, probably as soon as 4-7 July.

Jennifer Baker in Ars Technica: Web content blocking squeezed into draft EU anti-terrorism law »

EDRi: Terrorism and internet blocking – is this the most ridiculous amendment ever? »

terrorism_directive_20160620-768x379

/ HAX

Who should Police the Internet?

copyfail_3-1-768x377

Privatised law enforcement undermines democracy and creates serious risks for fundamental rights, particularly for freedom of expression. Despite this, in current copyright debates, the focus is far too often on how private companies should police the internet, not on the need of a copyright reform.

Internet companies will always take the easiest option. If they fear laws, punishment or bad publicity, it’s always easier and safer for them to delete legal content along with possibly unauthorised or illegal content, just in case.

EDRi: Copyfail #3 – Google and Facebook becoming the Internet police force »

Does Google rule the world? Really?

https://youtu.be/TSN6LE06J54

“The Search Engine Manipulation Effect (SEME) and Its Unparalleled Power To Influence How We Think”- Robert Epstein of American Institute for Behavioral Research and Technology.

This is really interesting, even if it in part might be dangerously close to conspiracy theories.

At least, I think that Search Engine Manipulation might be possible and very effective. But is it really done – intentionally or unintentionally? It is difficult to say, especially as all search results seems to be personalised.

Youtube »

Sir Tim Berners-Lee: Let’s Unfuck the Internet!

This is exciting…

The web is a little fucked up right now. Governments are spying on civilians, some block specific websites, and companies like Amazon have a stranglehold on the cloud services business. But what if we could create a decentralized web, with more privacy, less government control, and less corporate influence?

Tim Berners-Lee, inventor of the World Wide Web, wants to do exactly that. Sir Tim recently gathered some top computer scientists in a San Francisco church at an event called the Decentralized Web Summit, where attendees brainstormed ways to make the internet more broadly distributed. The smartest technologists on the planet showed up to join the discussions including early internet architect Vint Cerf and Brewster Kahle, founder of the Internet Archive.

Gizmodo: The Web’s Creator Now Wants to Unfuck It »

So, why?

“The temptation to grab control of the internet by the government or by a company is always going to be there. They will wait until we’re sleeping, because if you’re a government or a company and you can control something, you’ll want it,” he said.

The Inquirer: Sir Tim Berners-Lee: Internet has become ‘world’s largest surveillance network’ »

Big Government and Big Data fighting over control of your online activities. Blockchain is the obvious alternative.

For many years, the EU has taken many small steps towards introducing an EU ID card: eIDAS. (Or at least a strict common EU standard for nationally issued ID cards.)

An ID card proving the holders identity is one thing. (However, a mandatory ID card as such is a very controversial concept in some member states.) One interesting point is if there is going to be a common personal EU identification number. Another is what information the cards chip will contain and how it is going to be used. No doubt, an EU ID card can be used as a very effective tool for various forms of Big Brotherism.

It is in the light of the EU slowly trying to introduce a common, mandatory ID card that various EU schemes should be scrutinised.

Last week some sites, e.g. Breitbart London ran this story: The European Commission Wants You To Log Into Social Media Accounts With Govt-Issued ID Cards »

Well, that might be a bit oversimplified. What the EU suggests is that it should be possible to use national (EU harmonised) ID cards to log into various online platforms instead of logging in using e.g. Facebook or Google. Thus giving you the possibility of being controlled by Big Government or Big Data.

Giving people a possibility to choose is a good idea, as such. But I’m not sure that I would like Big Government or Big Data to have the control over my online life.

And you should be very suspicious! The moment there is an established platform for online registration (or signing transactions) with an EU approved ID card – this system can be rolled out all over the place. For example, the EU would love to have a system where you have to use your ID card to be able to log on to the Internet. I have met several people in the EU apparatus promoting that idea.

But how should you go about if you don’t want nor Big Government or Big Data to be in control of your online activities?

Actually, it can be done quite easily – by using Blockchain technology, decentralised solutions, and open source software. Ideal, there should be a couple of different such ID providers, competing with each other over providing competent privacy protection.

(All of this might even be possible to achieve using the already existing Bitnation World Citizen ID.)

This can be one of those forks in the road of history: Do we want our online activities to be controlled by Big Government and Big Brother, by Big Data – or a decentralised system with a high level of security, respecting users right to privacy and controlled by no one?

/ HAX

Links:
• The European Commission Wants You To Log Into Social Media Accounts With Govt-Issued ID Cards »
• EU: Communication on Online Platforms and the Digital Single Market Opportunities and Challenges for Europe »