Amendment 90 to France’s penal reform bill provides for five year prison sentences and €350,000 fines for companies that refuse to accede to law enforcement demands to decrypt devices.
BoingBoing: French Parliament votes to imprison tech execs for refusal to decrypt »
So, where does the EU stand on politicians, law enforcements and intelligence organisations war on encryption?
It is still an open question, to be decided in the e-Privacy Directive.
What is this — and didn’t the EU just set out the framework for data protection? Diego Naranjo at EDRi explains…
“Did you think the data protection reform was finished? Think again. Once the agreement on the texts of the General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) was reached, the e-Privacy Directive took its place as the next piece of European Union (EU) law that will be reviewed. The e-Privacy Directive (Directive 2002/58/EC on privacy and electronic communications) contains specific rules on data protection in the area of telecommunication in public electronic networks.”
Here issues such as cookies, government trojans and encryption back doors should be addressed.
So far, this process has attracted very little attention from the public, the media, the industry and internet activists. Nevertheless, these issues are essential when it comes to citizens right to privacy.
While the Apple vs. FBI case in the US is all over the media — what’s going on in the same field in the EU is more or less ignored.
While most EU politicians have held a low profile about encryption backdoors so far, the matter of government trojans already is an existing and very real cause for worry.
The French have since long been suspected to use malware (e.g. Babar, Bunny, Casper, Dino, NBot and Tafacalou) and will most certainly move ahead in its’ new cyber-security strategy. In Germany the government just approved the usage of trojans by federal agencies. And countries like Sweden are fast-tracking legislation in this field.
It is important to remember that this is not “only” about phone calls, text messages and e-mails. With trojans on your phone, tablet or computer — the government can access everything you do. What you write. What you google. Your online banking. Your social media activities. Dating apps that you might use. Your contacts. Your private pictures. Your business plans. Your health apps. You name it…
So we better get busy while it’s still possible to influence the political process.
Don’t let the EU get away with keeping this dossier under the radar. Please.
/ HAX
EDRi: Data Protection Reform – Next stop: e-Privacy Directive »
This week the dire predictions came to pass, as the network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out.
Finally, the European Commission has presented a proposal for the EU-US Privacy Shield conserning data protection, to replace the fallen “Safe Harbour” agreement. Sorry to say, it’s rather pointless.
The background is that the European Court of Justice invalidated the “Safe Harbour” agreement that was supposed to provide adequate data protection when Europeans personal data is being transfered to the US. The reason was that US companies didn’t really care about the agreement — and that US authorities (e.g. the NSA) in many cases had access to the data.
Then followed some confusion as the EU and the US tried to negotiate a new agreement, the EU-US Privacy Shield. Here are some previous blog posts:
• An EU-US Privacy Shield? »
• The EU-US Privacy Shield Illusion »
Now we have a proposal. Some EU links:
• European Commission presents EU-U.S. Privacy Shield »
• Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield »
• EU-U.S. Privacy Shield: Frequently Asked Questions »
This new proposal is rather similar to the old, fallen agreement. So much so, that it might very well be invalidated by the ECJ once again.
The main news seems to be “adequacy decisions”. In simple terms this means that things will be deemed OK if the European Commission says so. And that is hardly a solid judicial principle.
The Austrian student Max Schrems — who took the old agreement to the ECJ in the first place — says that he is considering taking the new agreement back to court, if adopted.
In a comment the NGO EDRi:s Executive Director Joe McNamee says..
The European Commission has given Europe a lesson on how not to negotiate. This isn’t a good deal, it hardly deserves to be called a ‘deal’ of any kind.
The EDRi press release also states that the documents published “confirm that no meaningful reforms have been made and that none are planned”.
EDRi Press Release: Privacy Shield is the same unsafe harbour »
The European Commission simply does not seems to be very concerned about protecting European personal data being transfered to the US.
/ HAX
House Committee on the Judiciary Hearings: The Encryption Tightrope — Balancing Americans’ Security and Privacy
Here is some food for thought, on the FBI vs. Apple case about unlocking the San Bernardino shooters iPhone: It’s not only about your phone calls and text messages, it’s about your entire life.
An iPhone contains apps, surf history and search history that would crack open your private life completely in front of Big Brother.
In a text, Rick Falkvinge lists a few examples…
Is this really information that should be in government hands?
Falkvinge: Using legacy phonecall wiretapping laws to justify Internet wiretapping is obscene: immense expansion of surveillance »
Slate: An iPhone Is an Extension of the Mind »
We have a new wrinkle in the encryption fight between Apple and the FBI. In a drug case, a magistrate judge in New York’s Eastern District has ruled that Apple does not need to assist the feds in unlocking a person’s phone and that the All Writs Act does not extend to such a demand.
Reason.com: Federal Judge Takes Apple’s Side vs. Feds in New York »
National security whistleblower Edward Snowden talks to the Free State Project from an undisclosed location in Russia.
IPRED — the EU Intellectual Property Rights Enforcement Directive — was highly criticised when introduced. It gave IPR holders wider rights to go after e.g. illegal filesharers than the police, skewing the legal system in favour of the industry. (But even then, IPRED has never been really effective.)
In 2014, the Italian EU presidency announced its’ plans to beef up IPRED. On this blog, I quoted the reaction from Brussels-based NGO EDRi on the matter…
“However, having established that the current legislative framework is not fit for purpose, the best thing that the Presidency can think of proposing is to expand and deepen the failed, not fit for purpose enforcement measures that are currently in force. The Italians apparently hope that, if they do the same thing over and over again, different results will be produced.”
But such objections do not discourage Brussels. The political process continues.
Preparing IPRED 2 the European Commission now has launched a consultation (normally being the first step for new or revised legislation). Once again EDRi explains it best…
“Injunctions, internet blocking, blackmailing of individuals accused of unauthorized peer-to-peer filesharing – the so-called IPRED Directive has been very controversial. Now, the European Commission has launched a consultation on the Directive (whose full name is Directive 2004/48/EC on the enforcement of intellectual property rights (IPRED) in the online environment).”
“The consultation is of great importance not only to those working on copyright or “intellectual property rights” in general, but in fact crucial to anyone using the Internet. This consultation covers to how private companies should or should not be involved in law enforcement online – for example by removing your online content in case it might include copyrighted material. It also covers the range of internet intermediaries that could or should be subject to legal obligations to undertake law enforcement activities.”
This consultation is open for everyone to respond to. And as political processes are easier to influence the earlier you get into them, this is an opportunity that should not be missed.
In order to make it easier for individuals to answer the consultation, EDRi has created an “answering guide” – an online tool with the European Commission’s questions and our analysis to guide your responses. The answering guide can be found here: http://youcan.fixcopyright.eu/limesurvey/index.php/829127?lang=en
Please get involved. Your reactions can shape the future of the Internet.
And a big thank you to EDRi for hacking the political system — analyzing, explaining and opening up the process for everyone to participate.
/ HAX
Apple is already thinking about ways to make it harder to hack iPhones, reports say. According to the New York Times, the company wants to prevent passcode-free recovery mode in future iPhones. According to the FT, Apple also wants to encrypt iPhone backups on iCloud.
Techcrunch: Apple Plans To Make iPhone And iCloud More Secure To Keep The Government Away »
