The next EU battle: Link tax

Opponents of the plan, including some small web publishers, worry it could choke traffic to their sites by creating a thicket of regulations that will dissuade Google and other platforms from driving users to them. These critics also argue that a publisher’s right will create a “link tax” (a phrase that supporters liken to a slur) but won’t achieve its backers’ main aim: to save the news sector’s broken business model. (…)

Comodini Cachia will present a report next month, including suggested amendments to the proposal, but it’s unclear whether the hard protections demanded by the publishers will survive.

Politico.eu: Plan to make Google pay for news hits rocks »

0

What is wrong with the EU Terrorism Directive?

Tomorrow – Thursday 16 February – the European Parliament votes on the EU Terrorism Directive. EDRi lists some of the things being wrong with this directive:

  • There are gaps in the harmonisation of the definition of terrorist offences. The Directive uses ambiguous and unclear wording, giving an unacceptably wide margin of manoeuvre to Member States. For example, the Directive criminalises “glorifying” terrorism without clearly defining it. This won’t prevent abuses experienced in countries like France.
  • “The criminalisation of the attempt is also extended to all offences…with the exception of receiving training and facilitating travel abroad”. This creates risks for fundamental rights and legal certainty. In addition, the European Parliamentary Research Service has recognised that “establishing a ‘terrorist intention’ may prove a challenge.”
  • The Directive’s scope touches on activities with little to no direct relationship to actual terrorist acts. For instance, hacking-related activities can be terrorist offences. Attempting or threatening to hack an information system can be punished as a terrorist offence in a Member State. Teaching somebody how to attack an information system (e.g. hacking) can be a terrorist offence. Seeking information on how to conduct an attack to an information system, can lead to a charge for committing a terrorist offence. In addition, inciting somebody to teach how to hack an information system can be a criminal offence.
  • Establishment of new offences, such as “receiving training for terrorism”, which includes consulting (non-defined) terrorist websites. Consulting (non-defined) terrorist websites can be a terrorist offence if the person is judged to have had a terrorism-related purpose and intention to commit a terrorist offence. However, the Directive says that criminal intent can be inferred from the type of materials and the frequency in which an individual consults websites, for example. On top of this, it will not be necessary for a terrorist offence to be committed or to “establish a link” to other offences in order to be punished. The Directive also says that inciting someone to consult “terrorist websites” can be punishable by Member States.
  • Member States can impose criminal liability on companies failing to remove or block terrorist websites.
  • The process for adopting the proposal avoided all of the elements of good law-making. It was made in December 2015 without meaningful consultation, public debate or even an impact assessment. To give an idea of the importance of impact assessments, we recall that the impact assessment for amending the Framework Decision 2002 looked at the available information and opted not to recommend the adoption of blocking measures because, among other dangers, it creates a risk of jeopardising investigations and prosecutions. The 2007 impact assessment also stated that “the adoption of blocking measures … can only be imposed by law, subject to the principle of proportionality, with respect to the legitimate aims pursued and to their necessity in a democratic society, excluding any form or arbitrariness or discriminatory or racist treatment.”. In the Terrorism Directive, blocking measures can be imposed by non-legislative action. In addition, it is not even clear whether regulating non-regulated “voluntary” measures by internet companies falls under the legal basis of the Directive.

It’s a mess. A dangerous mess.

Read more and get all the links at EDRi: The time has come to complain about the Terrorism Directive »

0

“What could happen if you refuse to unlock your phone at the US border?”

Ars spoke with several legal experts, and contacted CBP itself (which did not provide anything beyond previously-published policies). The short answer is: your device probably will be seized (or “detained” in CBP parlance), and you might be kept in physical detention—although no one seems to be sure exactly for how long.

Ars Technica: What could happen if you refuse to unlock your phone at the US border? »

0

Edward Snowden building safe communication tools for reporters

Since early last year, Snowden has quietly served as president of a small San Francisco–based nonprofit called the Freedom of the Press Foundation. Its mission: to equip the media to do its job at a time when state-­sponsored hackers and government surveillance threaten investigative reporting in ways Woodward and Bernstein never imagined. “Newsrooms don’t have the bud­get, the sophistication, or the skills to defend them­selves in the current environment,” says Snowden, who spoke to WIRED via encrypted video-chat from his home in Moscow. “We’re trying to provide a few niche tools to make the game a little more fair.”

Wired » Edward Snowden’s New Job: Protecting Reporters From Spies »

0

Is this the end of »mere conduit«?

A central principle in EU Internet-related legislation is the so-called mere conduit rule.

The IT Law Wiki:

Under the mere conduit principle of the EU E-Commerce Regulations of 2002,[1] network operators have no legal liability for the consequences of traffic delivered via their networks.

Wikipedia:

Who an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider: (a) does not initiate the transmission; (b) does not select the receiver of the transmission; and (c) does not select or modify the information contained in the transmission. The acts of transmission and of provision of access include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.

Today’s Swedish court ruling (and earlier European court rulings) to block The Pirate Bay is in direct conflict with this principle, as stated in the EU eCommerce directive.

The grounds for this seems to be the EU InfoSoc directive. The argument is that mere conduit does not apply when it concerns traffic to sites that do not adhere to notifications to remove content that is deemed illegal, e.g. when it comes to copyright infringements and intellectual property.

But this doesn’t make sense.

You cannot have a rule stating that ISP:s have no legal liability for the consequences of traffic relayed via their networks – unless illegal. That is the same as saying that ISP:s do have legal liability for the consequences of traffic relayed via their networks. And this is the opposite of what is stated in the eCommerce directive.

And even though the ISP in question have not been charged with any criminal offense – it is to be considered liable, as the verdict states that it will have to pay a hefty fine unless blocking The Pirate Bay. (The ISP also had to pay the copyright owners legal fees.)

I would say that we have a clear case of conflicting laws. And as the blocking verdict is only an interpretation of the InfoSoc directive, while the eCommerce directive states a very clear principle – the latter shall apply.

But I´m no lawyer. Reactions, opinions, and feedback are welcome in the comments below.

/ HAX

0

The US digital border

Two weeks ago, Sidd Bikkannavar flew back into the United States after spending a few weeks abroad in South America. An employee of NASA’s Jet Propulsion Laboratory (JPL), Bikkannavar had been on a personal trip, pursuing his hobby of racing solar-powered cars. He had recently joined a Chilean team, and spent the last weeks of January at a race in Patagonia. (…)

Bikkannavar says he was detained by US Customs and Border Patrol and pressured to give the CBP agents his phone and access PIN. Since the phone was issued by NASA, it may have contained sensitive material that wasn’t supposed to be shared. Bikkannavar’s phone was returned to him after it was searched by CBP, but he doesn’t know exactly what information officials might have taken from the device.

The Verge: A US-born NASA scientist was detained at the border until he unlocked his phone »

Ars Technica: NASA scientist detained at US border until he unlocked his phone »

0

Appeals court blocks the Pirate Bay in Sweden

A Swedish appeals court (the court for market and patent related issues) today ruled that the Internet service provider Bredbandsbolaget must block the Pirate Bay and the streaming service Swefilmer.

By definition, this is censorship.

Also, it is a ruling in direct conflict with the EU the eCommerce-directives principle of »mere conduit« stating that net operators can not be held liable for what users are doing in their cables.

However, this is in line with court rulings in other European countries. And the court claims that the decision is based on EU law.

To confuse things further, the ISP has not been subject to any criminal charges or accusations of illegal activities. Nevertheless, the court seems to refer to a general »responsibilty« to stem illegal activities.

Where all of this leave the »mere conduit« principle (in the EU eCommerce directive) is unclear. Apparently, there are two conflicting sets of rules.

To abolish »mere conduit« is like holding the Post Office responsible for what is written and sent by mail. Or to hold road operators responsible for the intentions and actions of people traveling in cars using their infrastructure.

This is not reasonable. The ruling will open up for more censorship and surveillance.

And to top things of, no matter what, this form of blocking is not very effective and quite easy to circumvent.

/ HAX

Torrentfreak: The Pirate Bay Must Be Blocked in Sweden, Court of Appeal Rules »

1

Your password or your freedom

Francis Rawls, a former Philadelphia police sergeant, has been in the Philadelphia Federal Detention Center for more than 16 months. His crime: the fired police officer has been found in contempt of court for refusing a judge’s order to unlock two hard drives the authorities believe contain child pornography. Theoretically, Rawls can remain jailed indefinitely until he complies. (…)

He’s not charged with a crime. Judge demands he help prosecutors build their case.

Ars Technica: Man jailed 16 months, and counting, for refusing to decrypt hard drives »

0