Should the US Patriot Act have precedence over EU data protection?

Today the European Parliament voted on a resolution concerning the “EU-US Privacy Shield”. This is a mess.

Transfer of personal data from the EU to the US used to be regulated under the so-called Safe Harbour Agreement, which aimed to protect our data when transferred to the US. But in practice, this agreement was too vague, rather pointless and possible to circumvent. Finally, the European Court of Justice (ECJ) invalidated it, finding that it violated citizens' right to privacy.

So work started to replace Safe Harbour with the EU-US Privacy Shield. In the process, the EU has stated that there is a new agreement, even though we are nowhere close to a final document. The EU and the US are very eager to push for this new agreement, to benefit Big Data in the US. But the concern is that this new agreement will not treat EU citizens' personal data in a responsible way, that it will disregard our right to privacy, and that it might be Safe Harbour all over again.

One core question is whether the US Patriot Act and the new USA Freedom Act should have precedence over EU data protection.

Today the European Parliament had a say, in a non-binding resolution. The press release:

In the resolution, passed by 501 votes to 119 with 31 abstentions, MEPs welcome the efforts of the Commission and the US administration to achieve “substantial improvements” in the Privacy Shield compared to the Safe Harbour decision which it is to replace.

However, they also voice concern about “deficiencies” in the proposed new arrangement negotiated by the Commission, notably:

• the US authorities’ access to data transferred under the Privacy Shield,

• the possibility of collecting bulk data, in some cases, which does not meet the criteria of “necessity” and “proportionality” laid down in the EU Charter of Fundamental Rights,

• the proposed US ombudsperson, a new institution that MEPs accept is a step forward, but believe to be neither “sufficiently independent”, nor “vested with adequate powers to effectively exercise and enforce its duty”, and

• the complexity of the redress mechanism, which the Commission and US administration need to make more “user-friendly and effective”, MEPs say.

Parliament stresses that the Privacy Shield framework gives EU member states’ data protection agencies a prominent role in examining data protection claims and notes their power to suspend data transfers. It also notes the obligation placed upon the US Department of Commerce to resolve such complaints.

Finally, MEPs call on the Commission to conduct periodic “robust reviews” of its decision that Privacy Shield protection is adequate, particularly in the light of experience with the new EU data protection rules which are to take effect in two years.

In other words, the EU and the US are far from a complete and acceptable agreement.

Green home affairs and data protection spokesperson Jan Philipp Albrecht said:

The proposed ‘Privacy Shield’ framework does not seem like a viable long-term solution. It seems highly questionable that this new framework addresses the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. The European Commission cannot issue a blank check for the transfer of European citizens’ data to the US. Instead, it has to continue to insist on improvements to the level of data protection.

At the same time the centre-right group, EPP, is impatient to have a new agreement in place – seemingly without having the same concerns over privacy and data protection.

The EPP Group’s Spokesman on the issue, Axel Voss MEP, warned against any attempt to torpedo the finalisation of the Privacy Shield, listing benefits to European consumers and SMEs alike: “Free cross-border data flows between the EU and the US are of paramount importance for our economies, trade and investment. Data flows are a key element for the competitiveness of business. Therefore the EPP Group welcomes the conclusion of the negotiations between the EU and the US on this topic.”

Now, we will have to wait to see what the European Commission makes of this.

/ HAX

Links:
• European Parliament: EU-US “Privacy Shield” for data transfers: further improvements needed, MEPs say »
• Greens-EFA: EU-US ‘Privacy Shield’ data exchange »
• EPP: EU-US data flows: urgent implementation of Privacy Shield needed »
• Ars Technica: EU data protection chief: We have serious concerns about Privacy Shield »

See an interview with Max Schrems, who took Safe Harbour to the European Court of Justice »

Europol, Facebook & Twitter

Will the European Police Office’s (Europol’s) database soon include innocent people reported by Facebook or Twitter? The Europol Regulation, which was approved on 11 May 2016, not only provides a comprehensive new framework for the police agency, but it also allows Europol to share data with private companies like Facebook and Twitter.

EDRi – Europol: Non-transparent cooperation with IT companies »

What the Police really wants to know

For the first time, an ISP publishes statistics of what crimes the Police are investigating when requesting the release of internet subscriber identities. The so-called Data Retention, which is a governmental requirement to store data about everybody’s communications in order to use it against them in the future, was originally justified as necessary for fighting organized crime and terrorism – but is now being used against ordinary sharing of music and movies, according to the ISP.

“We want to publish these statistics in order to show the Police are violating people’s privacy and spending resources on pointless trifles”, says Jon Karlung, CEO of Bahnhof.

Falkvinge: For first time, an ISP reveals why Police demand internet subscriber identities: ordinary file sharing is the most investigated “crime” »

The Closing of the Net

Monica Horten's new book The Closing of the Net is now available.

In a mail to colleagues, fans and friends she writes…

I am delighted to announce that my new book “The Closing of the Net” has been released.

“The Closing of the Net” discusses how political decisions are influencing the future direction of Internet communication. As the interests of powerful businesses are manipulating governments and policymakers, and become more embedded in the online world, so these corporations seek greater exemption from liability. The book confronts the deepening cooperation between large companies and the state. Political manoeuvrings, it argues, suggest that the original vision of a free and democratic Internet is rapidly being eclipsed by a closed, market-led, heavily monitored online ecosystem. “The Closing of the Net” tackles the controversies surrounding individual rights today, addressing policy agendas such as net neutrality, copyright and privacy. It includes research that I have not previously published on topics including Megaupload, the EU Data Retention Directive, UK copyright lawsuits, and more.

“The Closing of the Net” is published by Polity Press http://tinyurl.com/zhqz5j6 and is available from Amazon http://amzn.to/1S6zxJ7. It has been described as “thriller-esque”! I do hope you enjoy it.

Monica Horten gave us a lot of important input about the Telecoms Package and other net-oriented dossiers when I worked with the Pirate Party in the European Parliament.

Surveillance: Who owns you and your life?

There are many dimensions to the concept of privacy.

A fundamental question is: Who owns you and your life?

If you are not the owner of your person – that opens the door to abominations like slavery, organ farming, and some absurd utilitarian concepts.

But if you are the owner of your person – this must include your body as well as your mind and your faculties.

So… if you are the owner of your person – does anybody else (a private person or a collective of persons) have the right to look into your mind, your thoughts and your beliefs? Does anybody else have the right to look into your relations to other people, your quest for knowledge or your personal habits and preferences?

Because that is exactly what is done when government snoops around in your communications, among your files and in your social networks.

The only reason I can find for allowing this is if a person is threatening other people's security or property.

A person who is no threat to others should be left alone. And this is actually what is said e.g. in the European convention on human rights. People have the right to privacy and private correspondence unless they are a threat to others or to society. (Obviously, it might be debated what constitutes a threat to society. But you get the general rule.)

However, governments do not care. They want mass surveillance. They want to collect as much information as possible about as many people as possible.

The ruling political class simply does not treat us as free citizens but as serfs.

You should keep that in mind next time there is a general election.

/ HAX

Governments vs. WhatsApp

In other words, there is no central repository of plain-text messages that the company can access to comply with a court subpoena. Nor is there a “universal key” that can be used as a government backdoor to decrypt information. When a user sends a message on WhatsApp, he or she can feel fairly confident that no confidence man in the middle lurks between them and the intended recipient of a message. Such security is a very strong selling point in this age of constant data breaches and headache-inducing identity thefts.

Reason: Why We Should All Care About Brazil’s War on WhatsApp »

Snowden on whistleblowing

When you first go on duty at CIA headquarters, you raise your hand and swear an oath — not to government, not to the agency, not to secrecy. You swear an oath to the Constitution. So there’s this friction, this emerging contest between the obligations and values that the government asks you to uphold, and the actual activities that you’re asked to participate in. (…)

By preying on the modern necessity to stay connected, governments can reduce our dignity to something like that of tagged animals, the primary difference being that we paid for the tags and they’re in our pockets. It sounds like fantasist paranoia, but on the technical level it’s so trivial to implement that I cannot imagine a future in which it won’t be attempted. It will be limited to the war zones at first, in accordance with our customs, but surveillance technology has a tendency to follow us home.

Edward Snowden in The Intercept: Whistleblowing Is Not Just Leaking — It’s an Act of Political Resistance »

What to learn from the Abdeslam fiasco

Surveillance should only be directed against people who are suspected of committing (or being about to commit) serious crimes.

Mass surveillance – of everyone – only creates a bigger haystack and more false positives, and hampers police and intelligence authorities in their efforts to identify real threats.

Take the Abdeslam brothers in the Paris attacks as an example…

Both were known to Belgian authorities; both were suspected of preparing “an irreversible act”. For years.

This is a case of sloppiness, lacking resources and being Belgian.

Belgium might be a dysfunctional mess, but the problem is the same in other countries. The more mass surveillance data, the more police officers gazing at computer screens – the less security and safety.

Authorities all over would need to get serious, pretty quickly. There is no room for public sector inefficiency when it comes to fighting terrorism. There is no room for incompetence and idleness.

And there are no (valid and publicly acceptable) reasons to replace human intelligence with mass surveillance of the entire population.

The Americans might do it. The Russians and Chinese also do it, for sure. But that is no reason why Europe should. This is exactly what makes our liberal democracy so special. In Europe, we trust ordinary and law-abiding people enough to keep out of their private lives.

The Paris attacks were very real, sad and terrifying. The Abdeslam brothers are very real terrorists. This reality underlines that we need other methods to protect us from danger rather than mass surveillance and data retention. We need wise and competent people, knowing what they are doing. If there are any.

/ HAX

• Link: Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ »

The haystack dilemma

Binney said that an analyst today can run one simple query across the NSA’s various databases, only to become immediately overloaded with information. With about four billion people — around two-thirds of the world’s population — under the NSA and partner agencies’ watchful eyes, according to his estimates, there is too much data being collected.

“That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,” said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.

ZDNet: NSA is so overwhelmed with data, it’s no longer effective, says whistleblower »