The latest EDRi-gram

*So, the "French Patriot Act," is it?

*Do we get an order of American Freedom-Fries with that?

======================================================================

EDRi-gram

fortnightly newsletter about digital civil rights in Europe

EDRi-gram 13.15, 29 July 2015

Read online: https://edri.org/edri-gram/13-15/

1. French Constitutional Council approves sweeping surveillance powers
2. A new wave of Internet blocking in Turkey
3. European Commission will “monitor” existing EU data retention laws
4. David Wessel: "I get between three and five take down notices daily"
5. ENDitorial: European Parliament – translating freedoms into Chinese
6. Recommended Action
7. Recommended Reading
8. Agenda
9. About

On 23 July, the French Constitutional Council approved sweeping
surveillance powers for intelligence agencies. In its decision, the
Council declared almost all provisions constitutional, in contradiction
to vehement opposition from civil rights groups, human rights experts,
academia and the online business sector. The “Loi Renseignement” (also
dubbed the “French Patriot Act”) was passed by the French National
Assembly on 24 June and allows intelligence agencies to tap phone and
emails without judicial permission.

With regard to the scope of the law, the Council added only a few
explanations in order to limit the extensive scope of grounds (the fight
against collective violence and terrorism, the defence or promotion of
major interests in foreign policy, economy, industry and science) that
allow for surveillance by intelligence agencies.

Once the grounds are defined and duly justified, instead of a judicial
approval, security officials need to request an authorisation from the
newly created "National Committee for Control on Intelligence
Techniques" (CNCTR). The Council ruled that the composition of the
CNCTR, despite the fact that its members are appointed by political
institutions, will be able to provide sufficient oversight and is thus
in line with the French constitution. Unfortunately, the Council failed
to provide any sort of analysis that would back up this decision.

Only last week, the United Nations Committee for Human Rights stated
that the French law "grants overly broad powers for very intrusive
surveillance on the basis of vast and badly defined objectives" and
called on the French government to "guarantee that any interference in
private life must conform to principles of legality, proportionality and
necessity".

France's intelligence services can now deploy the list of surveillance
measures, they now have the power to:
- require internet service providers to install so-called “black boxes”
to collect communications metadata directly from Internet companies, and
to use algorithms to automatically flag suspect behaviour online;
- remotely install trojan horses on personal computers to access camera,
microphone and passwords;
- deploy real-time localisation of a person, vehicle or object;
- collect metadata via fake relay antennas for mobile phones
(International Mobile Subscriber Identity, or IMSI catchers in short) to
intercept traffic data and track the movement of phone users in a
specific area;
- carry out surveillance of lawyers, judges, parliamentarians and
journalists.

The Council struck down only three of the law's provisions, including
one that would have allowed the services to intercept overseas
communications. The problem is that other sections of the law that were
not invalidated, clearly give responsibility to these services to act
abroad. This is for instance the case of the new Article L. 811-2 of the
Code of Homeland Security (CSI). Another provision (Article L821-6 new,
CSI) that was invalidated would have allowed intelligence services to
carry out surveillance without authorisation from the Prime Minister in
"emergency cases" since it considered that this would be a
disproportionate interference with the right to privacy. The last
provision that was declared unconstitutional concerned the annual budget.

The French civil liberties group La Quadrature du Net regretted that
[t]his decision is extremely disappointing. The judges of the
Constitutional Council decided to summarily dismiss the numerous
arguments raised in the dozen briefs submitted to the Constitutional
Council by many players in the defence of fundamental rights.

While some provisions of this law will now come directly into effect,
others first need to be implemented by a series of decrees. However, La
Quadrature du Net declared that it now wants to continue its fight,
especially on a European level.

UN International Covenant on Civil and Political Rights report (24.07.2015)
http://tbinternet.ohchr.org/_layouts/treatybodyexternal/SessionDetails1.aspx?SessionID=899&Lang=en
http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CCPR%2fC%2fFRA%2fCO%2f5&Lang=en

EDRi-gram: French surveillance billpushed ahead despite massive
criticism (22.4.2015)
https://edri.org/french-surveillance-bill-pushed-ahead-despite-massive-criticism/

Shame on France: French Constitutional Council Widely Approves
Surveillance Law! (24.7.2015)
https://www.laquadrature.net/en/shame-on-france-french-constitutional-council-widely-approves-surveillance-law

The Loi Renseignement is published in the Official Journal. What now?
http://www.nextinpact.com/news/95934-la-loi-renseignement-publiee-au-journal-officiel-et-maintenant.htm

(Contribution by Kirsten Fiedler, EDRi)

On 25 July, the Turkish government ordered the blocking of 65 popular
dissident and Kurdish websites and temporarily slowed down Twitter and
Facebook access. This follows the government's air attack against the
Islamic State (Isis) and Kurdish forces in Syria. A few days earlier,
Twitter was blocked entirely for a few hours.

On 20 July, an Isis suicide bomber killed 31 members of a youth
organisation who were visiting the South Eastern town of Suruç to
deliver humanitarian aid to war-torn Kobani. The Turkish government,
which is increasingly under pressure for its alleged support to Isis and
other al-Qaeda derivatives in Syria, reacted by attacking Isis in
northern Syria. Kurdish forces, however, received an allegedly harsher
attack from the Turkish government despite their ongoing fight against Isis.

The government's change of policy is also reflected on pro-Isis websites
that were blocked in mid-July. Prior to the attacks, they were allowed
to operate freely within the country and had been used for recruitment
and propaganda purposes.

The newly blocked websites joined the list of over 81 000 others which
are compiled by engelliweb.com.

Turkey blocks Kurdish websites as Twitter and Facebook slows down
(25.07.2015)
http://www.hurriyetdailynews.com/turkey-blocks-kurdish-websites-as-twitter-and-facebook-slows-down.aspx?pageID=238&nid=85917

AKP-backed ISIL group massacres at least 30 in southeastern Turkey
(21.07.2015)
http://www.sendika.org/2015/07/akp-backed-isil-group-massacres-at-least-30-in-southeastern-turkey/

Turkey blocks Twitter following suicide bomb attacks (22.07.2015)
http://www.dw.com/en/turkey-blocks-twitter-following-suicide-bomb-attacks/a-18599198

Turkey sends in jets as Syria’s agony spills over every border (26.07.2015)
http://www.theguardian.com/world/2015/jul/26/isis-syria-turkey-us

Efe Kerem Sozeri on Twitter (26.07.2015):

Nato backs Turkey on IS as Ankara confirms attack on Kurds (29.07.2015)
https://www.irishtimes.com/news/world/europe/nato-backs-turkey-on-is-as-ankara-confirms-attack-on-kurds-1.2300050

The European Commission (EC) told EDRi that it “will continue monitoring
legislative developments at the national level” regarding the existence
of data retention laws in EU Member States. The EC provided this
non-committal response to the letter we sent on 2 July 2015, asking the
Commission to investigate illegal data retention laws in the European Union.

EDRi, along with the Electronic Frontier Finland (EFF), the IT-Political
Association of Denmark (IT-Ροl), the Open Rights Group (ORG), Panoptykon
and other EDRi members, produced an analysis of a sample of existing
national laws in EU Member States which requires the retention of their
citizens' personal data. Even though the Court of Justice of the
European Union (CJEU) invalidated the Data Retention Directive in April
2014 in the Digital Rights Ireland Case v. Minister for Communications
case (Joined Cases C-293/12 and C-594/12), there are still a number of
existing and national laws in the EU which appear to be illegal in light
of this ruling.

EDRi's analysis sent to the European Commission concluded that the
existing laws in at least six countries appear to be in contravention to
the Charter of Fundamental Rights. The Commission, as guardian of the
treaties, is legally required to do the necessary further research and
ensure that Member States bring their practices into line with EU law,
making use of the infringement procedures if necessary. If the
Commission continues only “monitoring”, with million of EU citizens
being subject to illegal data retention laws one year after the CJEU
ruling, this will not be enough.

It is worth remembering that, before the Directive was struck down by
the Court of Justice of the European Union, the European Commission used
its powers aggressively to both threaten and apply every legal sanction
available to force Member States to implement the legislation. The
Commission furthermore refused a freedom of information request from
Access Info Europe requesting access to relevant document from these cases.

“[T]he fact that data are retained and subsequently used without the
subscriber or registered user being informed is likely to generate in
the minds of the persons concerned the feeling that their private lives
are the subject of constant surveillance”
- Court of Justice of the European Union in the 2014 Digital Rights
Ireland case (Joined Cases C-293/12 and C-594/12), para. 37

The European Commission’s response to EDRi's letter (28.07.2015)
https://edri.org/files/eudatap/Re_EC_EDRi-GDPR.pdf

European Digital Rights asks the European Commission to investigate
illegal data retention laws in the EU (02.07.2015)
https://edri.org/edri-asks-european-commission-investigate-illegal-data-retention-laws/

European Parliament Legal Service Opinion on CJEU Data Retention ruling
(14.01.2015)
https://edri.org/legal-service-opinion-on-cjeu-data-retention-ruling/

EDRi: Data retention: EU Commission – guardian and enemy of the treaties
(17.12.2014)
https://edri.org/data-retention-eu-com-guardian-enemy/

Digital Rights Ireland Case v. Minister for Communications case (Joined
Cases C-293/12 and C-594/12)
http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=334440

Update on the status of data retention laws in Europe (28.07.2015)
http://mslods.com/2015/07/28/update-on-how-the-west-is-backing-away-from-data-retention/

Data retention: Commission takes Germany to Court requesting that fines
be imposed (31.05.2015)
http://europa.eu/rapid/press-release_IP-12-530_en.htm

Access Info Europe document request: Infringement proceedings Data
Retention Directive (2006/24/) (18.11.2012)
http://www.asktheeu.org/en/request/infringement_proceedings_data_re

Court of Justice of the European Union in the 2014 Digital Rights
Ireland case (Joined Cases C-293/12 and C-594/12), para. 53
http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=334440

(Contribution by Diego Naranjo, EDRi)

This is a translation in the 50th edition of a series hosted at
rechtaufremix.org, entitled "Remixers". The series is about people and
their experiences and attitudes to remixing and the remix culture. The
50th edition went back to talk to the very first interviewee: David
Wessel aka Mashup-Germany.

David Wessel was born in Cologne, but has a US passport and lives in
Frankfurt. For several years, under the name Mashup Germany, he has very
successfully produced audio mashups and publishes these for free on the
Internet. He has supported the initiative for a right to remix from its
very start in May 2013. He gave the first interview in this series, in
which he spoke of the "greatest generation gap since the '68 movement".
The legally precarious nature of his work became clear again recently,
when the online audio platform SoundCloud locked his account
recently, due to allegations of multiple copyright infringements.

David, you are currently in a battle with SoundCloud - what happened?

My SoundCloud account "MashupGermany" has been blocked after it was the
subject of a third so-called "strike" due to allegations of copyright
infringement. In such circumstances, an account is normally deleted
after seven days. My account is still online, but I can no longer use it
actively and I receive daily between three and five further “strikes”.
In previous years, I was left peace.

... And what's the problem?

As you can read in the press, SoundCloud is currently under considerable
pressure from the major labels exposed, and the tightening and more
rigid implementation of its take-down policy may be the result. But
perhaps the content recognition algorithm was also improved, or maybe
the conversion of my accounts on the hypeddit-system (requiring the user
has to post a comment on a track before he or she can download it),
could have wakened sleeping dogs. But all of this is just speculation.

Have you tried to contact with the labels? What was their reaction?

I have spoken with the Copyright Division of Sony. They reacted with a
great degree of understanding, but unfortunately they have their hands
tied. The takedown notices came from the International Federation of the
Phonographic Industry (IFPI), which represents the Sony in enforcing
their copyright and ancillary rights worldwide.

One of the “strikes” was due to "Wadde Funk Da", a production that I had
produced for Brainpool and for my visit to TV Total. Unfortunately, the
rights acquired were only in the context of that activity and not for
the streaming on SoundCloud. Another “strike” was my "REBOOT: SUMMER" DJ
Mix, which is about 90 minutes. Unfortunately neigher SoundCloud nor
Sony were able to specify what part of the recording was the subject of
the notice. This means that I have no possibility of being able to
defend myself against the notices against this nor against the notice
regarding"Uppers & DOWNERS" Mashup Mix, which represents the third
“strike” of the Universal Music Group.

If your account should be closed, do you already have plans and ideas
for an alternative?

I am pursuing different options for presenting my mashups in the future.
However, this also includes a variant that does not use any downloads. I
would find this very unfortunate, but the current situation leaves few
options.

You have now more than 250 000 Facebook fans, which puts you at the
level of a pop star. However, your mashups are rarely played on the
radio – do you get any requests from radio stations?

My mashups run regularly in almost all German channels. On 1Live, I've
been taking part in the programme, for about a year for example, and
contributed new mixes and mashups for Rock am Ring or 1Live crown.
Mashups are though extremely rare in the daily playlists of radio
stations, however, which is primarily due to the unclear legal situation.

That is why we have launched the online Mashup Radio channel at
Iloveradio.de about two years ago. I put the music together and the best
mashups run from around the world 24/7. About a year ago we also started
the German Mashup charts, in particular to encourage newcomers to the scene.

Like many other mashup artists, you've long called for a "right to
remix". However, there are hardly mainstream artists who address this
point, or want to. Why is that?

Because they aren't suffering enough from the current situation and out
of fear of repression. Anyone who rises to speak makes himself or
herself visible and becomes a bigger target. A lot of artists,
particularly better known artists fear this. Also, many of these, sooner
or later, fall back into the segment that focus on monetising their own
productions.

What happens next for you?

I was just able to recover in Sweden for a week after the last few weeks
of festivals. I sat a lot on the plane and was often pelted with paint
or water. There are still some festivals this year and then I would
like, before the autumn starts the next club tour, to concentrate on
production. In the coming months, "Deep Exception - Vol.3", a Deep House
Mashup set, and the mashup to "1Live Krone 2015" are on the agenda. It
will be exciting.

Right to remix Interview with David Wessel: "I get between three and
five take down notices daily" (only in German, 24.07.2015)
http://rechtaufremix.org/remixer-50-david-wessel-ich-erhalte-taeglich-zwischen-drei-und-fuenf-strikes/

In the autumn 2015, the Committee on Civil Liberties, Justice and Home
Affairs of the European Parliament (LIBE) will resume its discussions of
a draft resolution on “radicalisation”, led by Rachida Dati, a French
conservative member. Her draft includes several bizarre statements, but
one on Internet “giants” stands out as being particularly extreme.

The proposal includes an entirely superfluous call for “Internet giants”
(but not everyone else?) to be “made aware” of their responsibilities to
delete illegal content. These obligations exist since 2000, and will
therefore hardly be news to any internet company, and certainly not the
ones with the best funded legal departments.

Then, however, the text becomes somewhat more sinister. It calls on EU
Member States to consider criminal sanctions against undefined “digital
actors” who do not take unspecified “action” “in response to the spread
of illicit messages that praise terrorism on their internet platforms”.
The proposal then goes on to suggest that an inadequate response from
the the actor “should be considered an act of complicity with praising
terrorism and should consequently be punished”. This would create an
overwhelming pressure on any company, organisation or individual whose
online presence could be considered to be a “platform” – particularly
smaller ones that could not afford any litigation – to delete any
content that risked subsequently being considered illegal.

The first question that needs to be asked is why? What is the experience
in Europe that suggests that Internet platforms are leaving illegal
terrorist material online? What is the experience that is so severe that
criminal sanctions are necessary? What is the experience that shows
that, in any European country, the existing sanctions are not adequate?
In a democratic society, is it appropriate to use coercive measures to
persuade private companies to delete content in the complete absence of
any counterbalancing obligations to leave legitimate (even if unwelcome)
speech online?

Dati's suggestion would bring Europe very closely into line with the
Chinese law on “Measures on the Administration of Internet Information
Services” that was adopted in 2000.

As bad as this is, it actually gets worse. When Members of the
Parliament (MEPs) were drafting their amendments, they relied on
translations that drifted away from the original meaning. For example,
the English translation would make Internet companies liable for
“illegal messages OR messages praising terrorism” i.e. the platforms
would become criminally liable for failing to take action against
messages that were not, in fact, illegal.

Worse still, rather than objecting to this notion, the Parliamentarian
representing the Socialists and Democrats group, the “shadow rapporteur”
Ana Gomes, suggested that law enforcement authorities should have the
quasi-judicial role of telling Internet companies what they should
delete and, in addition, that they should become criminal liability for
failing to do everything “to the best of their human and technical
capability” not just to delete illegal content, but to identify it as
well. Instead of the rule of law and a Charter of Fundamental Rights
that requires restrictions on our human right to be necessary,
proportionate and effective, we would have the police as judges and
automatic software finding and automatically deleting anything that
would create a legal risk for Internet companies.

This would make European law somewhat more restrictive than those of
China's Administrative Measures on Internet Information Services (2000),
which do no require proactive searching for potentially illegal content:

Article 15. Internet information service providers shall not produce,
reproduce, distribute or disseminate information that includes the
following contents:
(1) content that is against the basic principles determined by the
Constitution;
(2) content that impairs national security, divulges State secrets,
subverts State sovereignty or jeopardizes national unity;
(3) content that damages the reputation and interests of the State;
(4) content that incites ethnic hostility and ethnic discrimination or
jeopardizes unity among ethnic groups;
(5) content that damages State religious policies or that advocates
sects or feudal superstitions;
(6) content that disseminates rumors, disturbs the social order or
damages social stability;
(7) content that disseminates obscenity, pornography, gambling,
violence, homicide and terror, or incites crime;
(8) content that insults or slanders others or that infringes their
legal rights and interests; and
(9) other content prohibited by laws or administrative regulations.
Article 16. If an Internet information service provider discovers that
information transmitted by its website clearly falls within the contents
listed in Article 15 hereof, it shall immediately discontinue the
transmission of such information, keep relevant records and make a
report to relevant State authorities.

LIBE Draft Report on prevention of radicalisation and recruitment of
European citizens by terrorist organisations (2015/2063(INI)) (01.06.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-551.967%2b01%2bDOC%2bPDF%2bV0%2f%2fEN

LIBE Draft Report on prevention of radicalisation and recruitment of
European citizens by terrorist organisations (2015/2063(INI)) (in
French, 01.06.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-551.967%2b01%2bDOC%2bPDF%2bV0%2f%2fFR

Amendments on prevention of radicalisation and recruitment of European
citizens by terrorist organisations (03.07.2015)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fNONSGML%2bCOMPARL%2bPE-560.923%2b01%2bDOC%2bPDF%2bV0%2f%2fEN

China's Administrative Measures on Internet Information Services
(20.09.2000)
http://www.china.org.cn/business/2010-01/20/content_19274704.htm

(Contribution by Joe McNamee, EDRi)

Enjoy your holidays!

UK Court rules DRIPA unlawful (22.07.2015)
https://www.openrightsgroup.org/blog/2015/uk-court-rules-dripa-unlawful

High Court rules that DRIPA is unlawful (17.07.2015)
https://www.openrightsgroup.org/press/releases/org-response-to-high-court-ruling-that-dripa-is-unlawful

EU PNR document pool (27.07.2015)
https://edri.org/eu-pnr-document-pool

13.08.2015, Zehdenick, Germany
Chaos Communication Camp
https://events.ccc.de

15.10.2015, Brussels, Belgium
Big Brother Awards Belgium
https://bigbrotherawards.be

16.10.2015, Brussels, Belgium
Freedom not Fear 2015
https://www.freedomnotfear.org/

16.10.2015, Brussels, Belgium
EDRi members meetup

16.10.2015, Brussels, Belgium
Freedom not Fear
https://www.freedomnotfear.org/

04.11.2015, Warsaw, Poland
CopyCamp Conference 2015 – Understanding the Social Impacts of Copyright
http://copycamp.pl/en/

06.11.2015, Erlangen, Germany
FIfF-Conference 2015: Commercialisation of the Soci(et)al – Markets and
Power in the Age of Total Datafication
http://www.fiff.de/

17.11.2015, Brussels, Belgium
EUhackathon

27.12.2015, Hamburg, Germany
32C3
https://events.ccc.de

EDRi-gram is a fortnightly newsletter about digital civil rights in
Europe. Currently EDRi has 33 members based or with offices in 19
different countries in Europe. European Digital Rights takes an active
interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRi-gram.

All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Heini Jarvinen edrigram@edri.org

Information about EDRi and its members: http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
https://edri.org/donate/

- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri

- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/

- Newsletter archive
Back issues are available at:
http://www.edri.org/newsletters/

- Help
Please ask edrigram@edri.org if you have any problems with subscribing
or unsubscribing.