*Becoming an official EDRi supporter so that intelligence agencies will know who to datamine.
======================================================================
EDRi-gram
fortnightly newsletter about digital civil rights in Europe
EDRi-gram 13.9, 6 May 2015
Read online: https://edri.org/edri-gram/13-9/
Contents
1. You can now become an official EDRi Supporter
2. Slovakia: Mass surveillance of citizens is unconstitutional
3. Privacy Cafés launched to improve secure communications in the EP
4. Emotion tracking company gets funding from the European Commission
5. Turkish student sentenced for re-tweeting satirical news
6. Digital Single Market: A missed opportunity
7. Recommended Action
8. Recommended Reading
9. Agenda
10. About
1. You can now become an official EDRi Supporter
You don't have much time but you want to contribute to the fight for
your rights and freedoms? We have launched a “Supporter” status for
those motivated individuals who want to support our work for net
neutrality, strong privacy protections and a reform of copyright rules
in Europe.
All the Supporters receive exclusive updates, and our goodies – for
example stickers and bags. The donations are collected monthly via SEPA
direct debit mandates. Supporters can choose from four categories:
“Valued supporter” (5 euro per month), “Epic supporter” (20 euro per
month), “Legendary supporter” (50 euro per month) and “Random supporter”
(amount of your own choice).
Since its creation in 2002, EDRi has been defending and promoting human
rights and freedoms in the digital environment, having evolved from
being a decentralised alliance with no staff to an influential
organisation with a Brussels office and professional staff with standing
and credibility in key European policy circles. Today, six full-time
employees in the Brussels office are working hard to defend your online
rights and freedoms. At the same time, the number of legislative
proposals has been continuously increasing, and industry lobbyists in
Brussels still have vastly more resources in order to influence EU
policy making. Regular contributions are now needed more than ever, to
redress the balance, and to keep the voice of civil society heard in the
EU decision making.
If becoming a Supporter feels like too big a commitment, there is a
possibility to make a one-off-donation via PayPal, Credit Card, Bitcoin,
Flattr or bank transfer. For those who don't have the means to
participate financially, we welcome and greatly appreciate help with
translations, as well as distributing our articles, booklets and other
material though social networks. If you could consider volunteering,
don’t hesitate to contact us by e-mail at brussels(at)edri.org, to find
out which would be the best way for you to get involved.
Become a Supporter
https://edri.org/supporters/
Make a one-off-donation
https://edri.org/donate/
Donation FAQ
https://edri.org/donation-faq/
2. Slovakia: Mass surveillance of citizens is unconstitutional
Slovakia's data retention law is now history. On 29 April, the
Constitutional Court of the Slovak Republic ruled that the mass
surveillance of citizens is unconstitutional. The decision was made in
the context of proceedings initiated by 30 Members of the Parliament on
behalf of the European Information Society Institute (EISi), a
Slovakia-based think-tank.
In a non-public session, the Grand Chamber of the Constitutional Court
(PL. ÚS 10/2014) ruled that provisions of Act on Electronic
Communications (Act No. 351/2011 Coll.), which until now required mobile
network providers to track the communication of their users, as well as
provisions of the Penal Code (Act No. 301/2005 Coll.), and the Police
Force Act (Act No. 171/1993 Coll.), which allowed access to this data,
to be in contradiction to the constitutionally guaranteed rights of
citizens to privacy and personal data. As a consequence, these
provisions lost their binding effect.
According to now invalid provisions of the Electronic Communications
Act, the providers of electronic communications were obliged to store
traffic data, location data and data about the communicating parties for
a period of six months (in the case of Internet, email or Voice over IP
(VoIP) communications) or for a period of 12 months (in case of other
communications). Data about unsuccessful calls was also stored for the
same periods. Moreover, the legal framework regulating the access to
data retention data was completely arbitrary and considerably less
stringent than comparable provisions on wire-tapping.
In the opinion of EISi, the introduction of these obligations
constituted a substantial encroachment upon the private life of
individuals – especially because this mandated a blanket monitoring of
all inhabitants of Slovakia, regardless of their innocence or prior
behaviour. The data retention requirements mandated that every day the
data about every inhabitant of Slovakia must be collected, amassing a
profile of who called whom, to whom someone sent an SMS or email, when
the person sent it, from which location, using what type of device or
service, how long the communication took, and many others details. It
almost goes without saying that combining of all this information made
it possible to perfectly analyse the movements of every inhabitant of
Slovakia using a mobile phone or the internet. This allowed the
behaviour, circle of acquaintances, hobbies, health, sexuality and other
information that citizens might prefer to keep to themselves to be
predicted.
The decision marks an end to EISi's five-year battle against mass
surveillance. Soon after the launch of the now unconstitutional data
retention requirements, EISi authored a short report pointing out the
basic discrepancies between the Act on Electronic Communications (“the
Act”) and its data retention provisions, and the fundamental rights
embodied in the Slovak constitution, the EU Charter of Fundamental
Rights and Freedoms, and the Convention for the Protection of Human
Rights and Fundamental Freedoms. This report was then presented in the
form of a motion to two local authorities, which, despite the evidence,
reached the view that the data retention provisions do not lead to an
interference with the fundamental rights and freedoms of citizens. , and
no proceedings before the Constitutional Court were initiated.
EISi then put together a submission for the Constitutional Court, and
started asking for the support of the Members of the Parliament, who can
also initiate such a constitutional review. The submission gained the
support of the required number of MPs, 30 signatures, and a motion was
filed before the Constitutional Court successfully.
The decision of the Constitutional Court of the Slovak Republic was
issued almost a year after the Court of Justice of the European Union
(CJEU) proclaimed the Data Retention Directive invalid in the spring of
2014. At that time, the Constitutional Court of Slovakia promptly
reacted by suspending the collection of data through a preliminary
measure. By the virtue of the decision on 29 April, data collection was
completely cancelled.
So far, only the final outcome of the decision is known. The reasoning
of the court is expected to be available within three months.
EISi's press release: The Slovak Constitutional Court cancelled mass
surveillance of citizens (29.04.2015)
http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/109-the-slovak-constitutional-court-cancelled-mass-surveillance-of-citizens
Slovak Constitutional Court Suspends Data Retention Legislation (23.04.2015)
http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/74-us-data-retention-suspension
Data Retention before the Slovak Constitutional Court
http://www.eisionline.org/index.php/en/projekty-m-2/ochrana-sukromia/49-slovak-case-on-data-retention
The quest for privacy in Slovakia: The case of data retention
www.giswatch.org/en/country-report/communications-surveillance/slovak-republic
(Contribution by Matej Gera, European Information Society Institute –
EISi, Slovakia)
3. Privacy Cafés launched to improve secure communications in the EP
Ever since the publication of documents from the Snowden archive, which
indicate that the US National Security Agency (NSA) and the UK
Government Communications Headquarters (CGHQ) were behind the
cyber-attacks on the European institutions, an improvement of the
European Parliament's IT security was to be expected. The report by
Civil Liberties Committee Chair Claude Moraes on mass surveillance
therefore called on Directorate-General for Innovation and Support (DG
ITEC), the service in charge of security in the European Parliament, to
carry out a thorough analysis, to make recommendations and to present a
final report in June 2015. Unfortunately, the developments have been
rather slow so far. Two years after the first revelations,
Parliamentarians are still not able to receive or send encrypted
communications.
Therefore, on 21 April 2015, EDRi organised, together with EDRi members
Liga voor Mensenrechten and Access, the first Privacy Café in the
European Parliament (EP). The goal of the Privacy Café was to give
Members of the European Parliament (MEPs) and their assistants an
overview on the importance of protecting their privacy, and to introduce
a selection of practical tools to improve the privacy of their private
and professional communications. After the introductory presentation,
each participant could join one or several hands-on workshops, to learn
about email encryption, mobile messaging or private browsing. The
instructors went through the installation of the tools, and offered
advice and practical help to the participants. Step-by-step instructions
for each tool were also available in printed format.
The European Parliament has a lot to improve from the point of view of
privacy and secure communications; the default solutions on the
professional devices for browsing the Internet, document sharing and
sending internal emails are often not privacy friendly, and installing
add-ons or software enhancing privacy (such as GPG4Win) is made
difficult or impossible.
The event raised a lot of interest and positive attention. To continue
the work to increase awareness of privacy issues within the EP, more
Privacy Cafés are being planned. Among the participants were
representatives from the DG ITEC, the body responsible for providing IT
support to MEPs and Political Groups, and for running of the European
Parliament computing and network centre. EDRi is now in contact with
them, to investigate the possibilities to discuss for improvements to
the current tools and practices in place in the EP.
EDRi-gram: EDRi launches privacy trainings in the European Parliament
(28.01.2015)
https://edri.org/edri-launches-privacy-trainings-in-the-european-parliament/
Belgacom Attack: Britain's GCHQ Hacked Belgian Telecoms Firm (20.10.2013)
http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html
Parliamentary question: Regin malware used in cyber attacks on EU
institutions and Belgacom (05.12.2014)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2014-010269+0+DOC+XML+V0//EN
Hand-out: What Is Encryption?
https://edri.org/files/PrivacyCafe_20150421_Encryption.pdf
Hand-out: How to use PGP on a Windows PC
https://edri.org/files/PrivacyCafe_20150421_PGPWindows.pdf
Hand-out: How to use RedPhone on Android
https://edri.org/files/PrivacyCafe_20150421_RedPhone.pdf
Hand-out: How to use Signal – Private Messenger
https://edri.org/files/PrivacyCafe_20150421_Signal.pdf
Hand-out: How to use TextSecure on Android
https://edri.org/files/PrivacyCafe_20150421_TextSecure.pdf
Hand-out: How to leave fewer traces while you’re surfing
https://edri.org/files/PrivacyCafe_20150421_FewerTraces.pdf
4. Emotion tracking company gets funding from the European Commission
Realeyes is a London based start-up company that tracks people's facial
reactions through webcams and smartphones in order to analyse their
emotions. The analysed data is used to help companies maximise the
impact of their advertising and market research campaigns. The
technology allows the companies to know how consumers feel when they
view the video content.
Realeyes has just received a 3,6 million euro funding from the European
Commission to further develop emotion measurement technology. This grant
is part of Horizon 2020, an EU research and innovation programme
designed to encourage European competitiveness. This is happening at the
same time as, the EU is trying to reform the current data protection
legislation. In the absence of a meaningful update of the current legal
framework, it is questionable whether the current data protection law
can provide an adequate level of protection, and be effective in
balancing different interests when it comes to profiling.
The technology is based on six basic emotional states that, according to
the research of Dr Paul Ekman, a research psychologist, are universal
across cultures, ages and geographic locations. The automated facial
coding platform records and then analyses these universal emotions:
happiness, surprise, fear, sadness, disgust and confusion. The company
is planning to develop the technology so that in the future even liking,
boredom or attraction could be measured.
According to those supporting the use of such technology, this
technological development could be a very powerful tool not only for
advertising agencies, but as well for improving classroom learning,
increasing drivers' safety, or to be used as a type of lie detector test
by the police. To participate in the study for testing and developing
the tool, people are asked to give their consent and then share their
subconscious responses to the content presented by simply using the webcam.
However, the technology raises some serious privacy concerns regarding
the usage, storage and control of the data collected. First of all, the
software not only detects consumers' facial expression, but also a
person's gender and age bracket. Furthermore, according to the Realeyes
privacy policy, even IP addresses and website usage information are
being collected by placing cookies on consumers' computers. All the
collected data is being stored in a massive database, and the company
has the possibility to combine all the data sets in order to build a
more specific profile of a person. Lastly, the vague definition of
retention period does not provide any degree of control or
predictability to consumers, since the privacy policy says that personal
information will be stored "for as long as it is required" for their
research and business purposes. According to Anna Fielder, board chair
of Privacy International, it is questionable whether the consumers, when
consenting to the study, can truly understand how the technology was
being implemented.
Profiling represents one of the biggest challenges for privacy due to
the mass surveillance and technological capabilities of linking and
analysing all the widely available data. Bearing in mind, for example,
that the European Commission, in its proposal for the update of data
protection legislation, introduced an option for Member States not to
implement protections against profiling, its approach to this important
issue seems profoundly reckless.
Emotion tracking start-up gets EU funding boost (17.04.2015.)
http://blogs.wsj.com/digits/2015/04/17/emotion-tracking-startup-gets-eu-funding-boost/
Webcam-based emotion ad tracking is a real thing and big brands are
doing it (27.04.2015.)
http://adexchanger.com/online-advertising/webcam-based-emotion-ad-tracking-is-a-real-thing-and-big-brands-are-doing-it/
Realeyes FAQs
http://www.realeyes.me/faqs
Realeyes Privacy Policy
http://www.realeyes.me/privacy
Googling your brain: latest "data protection" proposals from Council
(14.01.2015.)
https://edri.org/googling-your-brain-latest-data-protection-proposals-from-council/
(Contribution by Morana Perušić, EDRi intern)
5. Turkish student sentenced for re-tweeting satirical news
A Turkish university student was sentenced for one year for re-tweeting
a satirical article that appeared on "Zaytung", a popular Turkish
website which publishes false and satirical stories in a journalistic style.
Meral Tutcali, a student in Anadolu University, was sentenced by the
provincial court of Adana to one year in jail for “insulting a public
official”, after she re-tweeted Zaytung's article, which reported
satirically that former Adana governor Huseyin Avni Cos declared his
autonomy. The article included an illustration showing the Governor in a
military vehicle, surrounded by guards. The picture was taken during a
national holiday during which it's customary for governors to appear in
such parades. Tutcali’s house was raided twice by police for her retweet.
The court later suspended the sentence, as Tutcali had no previous
criminal record. She was, however, warned that if she commits another
similar offence in the next five years, the sentence will be imposed.
Zaytung was not prosecuted for it's original article.
Zaytung
http://www.zaytung.com/
Turkish college student convicted for tweeting satirical news story
(23.04.2015)
http://www.nytimes.com/2015/04/24/world/europe/turkish-college-student-convicted-for-tweeting-satirical-news-story.html?_r=0
Turkish student gets suspended jail sentence for retweeting satirical
article on Twitter (23.04.2015)
http://www.independent.co.uk/news/world/europe/turkish-student-gets-suspended-jail-sentence-for-retweeting-satirical-article-on-twitter-10198146.html
University student sentenced to jail for retweeting satirical article
(22.04.2015)
http://www.hurriyetdailynews.com/university-student-sentenced-to-jail-for-retweeting-satirical-article.aspx?pageID=238&nID=81411&NewsCatID=341
Turkish student sentenced to prison for retweeting satirical article
(22.04.2015)
http://www.zerohedge.com/news/2015-04-22/turkish-student-sentenced-prison-retweeting-satirical-article
6. Digital Single Market: A missed opportunity
The European Commission (EC) published its Digital Single Market (DSM)
strategy on 6 May 2015. EDRi is thoroughly studying the DSM strategy and
its impacts on European citizens' digital rights.
A day before the official publication of the strategy, EDRi issued a
press release expressing concerns based on the analysis of the leaked
drafts (Draft Communication and Evidence Note). EDRi identified a number
of points that raise concerns regarding, inter alia:
Privatised law enforcement
- We have concerns regarding Commissions' plans for "ad hoc" enforcement
activities by internet intermediaries that already lead to restrictive
measures imposed outside the rule of law.
- The Commission seems eager to outsource online law enforcement through
"self-regulation" projects, while ignoring the risks that the sanctions
imposed by intermediaries pose for the fundamental rights of citizens,
the risk that such measures are not effective, proportionate or
effective and the lack of safeguards, to prevent abuses.
"Intellectual Property Rights" infringements
- The Commission has decided to adopt an undefined "follow the money
approach", which may be little more than an approval of the "right" of
foreign payment providers and advertising networks to arbitrarily
withdraw their services, if they fear that foreign laws are being breached.
- The Commission continues to offer its intention to restrict
enforcement measures to "commercial scale infringements", as some form
of safeguard. It is doing this despite its own public admission that
this term needs a clearer definition.
Copyright
- We welcome the Commission's intention to create an EU legal framework
on text and data mining.
- The Commission calls for the harmonisation of exceptions and
limitations in EU copyright law, but without any indication of what this
will mean in practice. What are the negative experiences that would hold
the Commission back from making all existing exceptions and limitations
mandatory?
Geoblocking
- The text expressed a positive approach towards removal of geoblocking,
although its reference to "unjustified" geoblocking means that
everything or nothing could be ultimately proposed by the Commission.
Data protection and the right to privacy
- The Commission acknowledges that massive amount of personal data are
being collected and analysed (Big Data) and calls for the exploitation
of these data without effective safeguards.
- The Commission seems to seek to reinforce "trust and security in the
handling of personal data". To do that, it proposes an unspecified
“review” of the e-Privacy Directive with no goal other than the vague
"level playing field" that certain operators have lobbied for. The
analysis is so vague that even a repeal of the Directive is possible.
Telecommunications
- The Digital Single Market's success greatly depends on the outcome of
the Telecommunications Single Market Regulation. However, it appears
increasingly clear that the Commission is prepared to accept any
outcome, for the sake of closing the file, regardless of possible
negative effects on European citizens or the European economy.
Our comprehensive analysis of the official Digital Single Market
strategy will be published shortly.
EDRi Press release: Digital Single Market: Will citizens be at the
centre of the Commission’s plans (05.05.2015)
https://edri.org/digital-single-market-will-citizens-be-at-the-centre-of-the-commissions-plans/
EC Digital Single Market strategy
http://ec.europa.eu/priorities/digital-single-market/index_en.htm
EC Press release: A Digital Single Market for Europe: Commission sets
out 16 initiatives to make it happen (06.06.2015)
http://europa.eu/rapid/press-release_IP-15-4919_en.htm
Leaked draft DSM Communication (pdf) (12.04.2015)
http://keionline.org/misc-docs/1/DSMscan-Communication-12-04-2015-OCR.pdf
Leaked Draft Evidence Note (pdf) (20.04.2015)
http://g8fip1kplyr33r3krz5b97d1.wpengine.netdna-cdn.com/wp-content/uploads/2015/04/Digital-Single-Market-Evidence.pdf
Joint stakeholder letter on intermediary liability protections (pdf)
(27.04.2015)
https://www.ccianet.org/wp-content/uploads/2015/04/Open-Stakeholder-intermed-liability-protections.pdf
7. Recommended Action
Become an official EDRi Supporter!
European Digital Rights fights for your right to privacy, freedom of
expression, modernisation of copyright rules, legal protection for net
neutrality and against new European proposals for mass surveillance. Our
work is only possible with the continued financial support of donors
like you!
https://edri.org/supporters/
8. Recommended Reading
In a letter to Congress senior US legal experts and a Nobel laureate in
economic sciences write that investor-to-state dispute settlement (ISDS)
is antithetical to the rule of law
http://wapo.st/1zhI2O4
The data retention tsunami: how EU Member States are reacting to the
annulment of the data retention directive (27.04.2015)
https://radiobruxelleslibera.wordpress.com/2014/06/27/data-retention-down-in-austria/
ISDS: diplomatic blunder Malmström threatens democracy and privacy
https://blog.ffii.org/isds-diplomatic-blunder-malmstrom-threatens-democracy-and-privacy/
9. Agenda
05-07.05.2015, Berlin, Germany
re:publica 15
https://re-publica.de/
22.05.2015, Sarajevo, Bosnia and Herzegovina
POINT 4.0
http://point.zastone.ba/en/
25.05.2015, Florence, Italy
Summer School for Journalists and Media Practitioners: Freedom and
Pluralism of Traditional and New Media
http://cmpf.eui.eu/training/summer-school-2015.aspx
15.10.2015, Brussels, Belgium
Big Brother Awards Belgium
https://bigbrotherawards.be
12. About
EDRi-gram is a fortnightly newsletter about digital civil rights in
Europe. Currently EDRi has 33 members based or with offices in 19
different countries in Europe. European Digital Rights takes an active
interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRi-gram.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Heini Jarvinen edrigram@edri.org
Information about EDRi and its members: http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
https://edri.org/donate/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/newsletters/
- Help
Please ask edrigram@edri.org if you have any problems with subscribing
or unsubscribing.
