The latest EDRi-gram

*Probably sending them some money would be a good idea, unless you
are in Macedonia where apparently everybody is getting hacked by everybody.

======================================================================

EDRi-gram

fortnightly newsletter about digital civil rights in Europe

EDRi-gram 15.4, 22 February 2017

Read online: https://edri.org/edri-gram/15-4/

=======================================================================
Contents

1. Illegal surveillance against civil society continues in Macedonia
2. Proposed Espionage Act threatens free speech in the UK
3. Dutch House of Representatives passes dragnet surveillance bill
4. What does your browsing history say about you?
5. New legal framework for predictive policing in Denmark
6. The UK Digital Economy Bill: Threat to free speech and privacy
7. Consultation on multilateral investment court misses the point
8. Lead Parliamentarian for Culture Committee defends upload filtering
9. Unclear Terrorism Directive creates risks for citizens' security
10. Recommended Action
11. Recommended Reading
12. Agenda
13. About

=======================================================================
1. Illegal surveillance against civil society continues in Macedonia

Macedonian civil society organisations advocating for human rights and
democracy have come under increasing pressure by the authorities. They
have previously been caught up in use of the state apparatus for massive
illegal surveillance, including wiretapping of activists.

An open letter signed by 127 civil society organisations was published
on 9 February 2017. It appeals to all stakeholders to help “protect,
maintain, and promote the civil society from all threats targeting this
sector and to reject any and all ungrounded attacks and lies this sector
has been exposed to”.

The activities undermining civil society are a culmination of the
political crisis resulting from revelations of systemic corruption. As
noted by the EU country report for 2016: “Democracy and rule of law have
been constantly challenged, in particular due to state capture affecting
the functioning of democratic institutions and key areas of society. The
country suffers from a divisive political culture and a lack of capacity
for compromise.”

—————————————————————–
Support our work - make a recurrent donation!
https://edri.org/supporters/
—————————————————————–

After the parliamentary elections on 11 December 2016, the leader of the
incumbent ruling party Internal Macedonian Revolutionary Organization –
Democratic Party for Macedonian National Unity (VMRO-DPMNE) Nikola
Gruevski openly peddled conspiracy theories of collusion between
“foreign forces”, the opposition, and the civil society organisations,
and announced a final showdown with the NGOs, promising to “cleanse” the
civil sector.

In parallel with an intensifying, continuous defamation campaign against
civil society organisations by pro-government media and surrogate
groups, state institutions such as the Public Revenue Service started
selective inspections placing additional administrative burdens on the
organisations. This increased the fears amongst activists because, in
the course of 2016, their personal data and some financial data
controlled by state institutions were illegally disclosed by
pro-government media. Such confidential data were also distributed via
flyers ahead of the elections, apparently in order to cause distrust
against them as “foreign mercenaries”.

The 21 civil society organisations which were directly subject to these
inspections, including EDRi member Metamorphosis, all participated in a
campaign entitled “We decide” that took place before the elections. The
campaign included citizen education and awareness raising about the
right to vote, the legal provisions against election fraud, and in
particular addressed the issue of confidentiality of the vote. Due to
fear of surveillance, a large percentage of Macedonian citizens think
their ballot is not secret, and that political parties can find out how
they've voted. One of the goals of the campaign was to encourage them to
vote according to their own preferences, despite their fears.

On at least two occasions, pro-government media has published
screenshots or copies of e-mails sent between some of these
organisations. Such intimidation tactics suggest that malicious hacking
or other forms of illegal surveillance are being used.

On 7 February 2017, the affected civil society organisations held a
press conference stating that the allegations of wrongdoing are untrue
and intended to intimidate and silence the civil society sector and
independent media, and demanding retractions and apologies.

The authorities have not provided an official response to the publicly
stated concerns of the civil society organisations.

Independent research indicates that Macedonia has been backsliding from
democracy since 2008. It keeps getting lower ratings in international
indices of democratic development. Freedom House’s Freedom in the World
2016 report designates the country as “partly free”, while its Freedom
of the Press 2016 report listed Macedonia as “not free”. The only other
European countries with similar rankings are Belarus, Russia, and
Turkey. Reporters without Borders lowered Macedonia’s rank to 188th
place in the 2016 World Press Freedom Index (down from 34th in 2009).

The country entered an open political crisis in February 2015 as the
opposition disclosed evidence of mass surveillance and systemic
corruption. In September 2015, as part of the urgent reforms enacted
with mediation of the EU and NATO, a Special Prosecution Office (SPO)
was established to investigate the criminal activity related to illegal
surveillance.

In September 2016, after a video showing browsing through an SPO inbox
was published on YouTube by an anonymous user, the SPO confirmed that
their email had been subject to hacking in December 2015. No further
information is available about whether the case was resolved.

According to the SPO statement from 18 November 2016, they have a
reasonable suspicion that massive illegal interception of communications
by the state services without a necessary court warrant has taken place
since 2008, including during 2015 and 2016. The SPO gathered evidence
indicating that ten high-ranking “suspects took advantage of their
official position and authority to the detriment of the resources of the
state by misusing the systems for interception of communications,
thereby seriously violating the basic human right of the citizens who
were wiretapped illegally.”

Confirming the conclusions of the report by the Senior Expert Group, led
by former EU Commission Director Reinhard Priebe from June 2015, the SPO
gathered evidence suggesting that the massive illegal surveillance was
conducted using the systems of the Administration for Security and
Counterintelligence, a part of the Ministry of Interior. They noted the
use of three different surveillance systems for warrantless wiretapping
of thousands of phone numbers. Two of these systems were destroyed after
the revelation of illegal wiretapping operations by the opposition in
early 2015. The third one is still in use, without independent
oversight. The SPO is conducting a separate investigation regarding the
unlawful destruction of evidence.

—————————————————————–
Support our work with a one-off-donation!
https://edri.org/donate/
—————————————————————–

European Commission: The former Yugoslav Republic of Macedonia 2016
Report (09.11.2016)
https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/pdf/key_documents/2016/20161109_report_the_former_yugoslav_republic_of_macedonia.pdf

SOS: An unregistered NGO, GONGO or PONGO? (15.02.2017)
http://meta.mk/en/sos-an-unregistered-ngo-gongo-or-pongo/

“SOS” wants to harm civil society organizations with lies, slander and
manipulation (07.02.2017)
http://meta.mk/en/sos-wants-to-blacken-civil-societies-with-untruths-and-manipulation/

“SOS” and its order-givers cannot silence the free-minded civil society
(08.02.2017)
http://metamorphosis.org.mk/en/aktivnosti_arhiva/sos-and-its-order-givers-cannot-silence-the-free-minded-civil-society/

Recommendations of the Senior Experts' Group on systemic Rule of Law
issues relating to the communications interception revealed in Spring
2015 (08.06.2015)
https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/news_corner/news/news-files/20150619_recommendations_of_the_senior_experts_group.pdf

In Sweeping Effort to Spy on Civil Society, Macedonia Broke Its Own
Privacy Laws (17.07.2015)
https://advox.globalvoices.org/2015/07/14/in-sweeping-effort-to-spy-on-civil-society-macedonia-broke-its-own-privacy-laws/

Statement on Civil Society Situation in the Former Yugoslav Republic of
Macedonia (07.02.2017)
http://www.youthforum.org/assets/2017/02/Statement-on-Civil-Society-Situation-in-Former-Yugoslav-Republic-of-Macedonia.pdf

(Contribution by Filip Stojanovski, EDRi member Metamorphosis, Macedonia)

=======================================================================
2. Proposed Espionage Act threatens free speech in the UK

The UK’s Law Commission has announced proposals that could mean
journalists and whistleblowers are treated as spies if they “handle”
official data.

The ongoing open public consultation on the protection of official data,
run by the Law Commission, suggests that the crime of espionage is
changed so that it is “capable of being committed by someone who not
only communicates information, but also by someone who obtains or
gathers it”. There are also proposals to lift restrictions on who can be
charged with espionage. This could mean journalists, NGOs and
whistleblowers could be charged as spies. Anyone charged would not be
able to claim a public interest defence and could be sentenced to up to
14 years in prison.

The plans appear to be aimed at preventing future leaks like those of
Snowden being published. If this proposal had been law in 2013, the
Guardian editor Alan Rusbridger and other journalists who helped break
the Snowden stories would undoubtedly have been charged with espionage.
If the proposals become law, there will be huge implications for free
speech and investigative journalism in the UK. It could also be used to
justify similar laws in repressive regimes.

The Law Commission claims it consulted EDRi member Open Rights Group
(ORG) about these plans, but this amounted to one single email and a
phone call. Other NGOs have also complained about the lack of proper
consultation. ORG will make a submission explaining the threats to free
speech and why these proposals should be dropped.

Protection of Official Data - Current project status
http://www.lawcom.gov.uk/project/protection-of-official-data/#protection-of-official-data

14 years in prison for doing journalism?! - Sign the petition
https://www.openrightsgroup.org/campaigns/espionage-act/14-years-in-prison-for-journalists-sign-the-petition-1

Britain attempts to brand journalists as spies
http://www.aljazeera.com/indepth/opinion/2017/02/britain-attempts-brand-journalists-spies-170217120419832.html

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United
Kingdom)

=======================================================================
3. Dutch House of Representatives passes dragnet surveillance bill

On 14 February 2017 the bill for the new Intelligence and Security
Services Act was passed by the Dutch lower house. Despite being met with
serious opposition from experts, regulators, civil society, political
parties, and citizens, the revised bill passed virtually unchanged from
the proposal submitted to the lower house. It’s beyond disappointing
that a bill with such momentous consequences was rushed through the
lower house with such relentless determination.

Political expediency, rather than sound legislation that would actually
protect citizens, seems to have prevailed. After publishing the draft
legislation online for consultation in July 2015, the cabinet took its
time to revise the widely criticised draft legislation. However, when
the revised bill was submitted to the lower house in late 2016, suddenly
time was of the essence, and the legislative process needed to be
hastily concluded before the elections in March 2017.

Despite being pressed for time, various opposition parties fought tooth
and nail to amend the flawed bill. Unfortunately, most amendments
failed, as coalition parties closed ranks around the Minister of the
Interior.

So what are the bill’s biggest flaws? Most importantly, the
controversial new law will allow intelligence services to systematically
conduct mass surveillance of the internet. The current legal framework
allows security agencies to collect data in a targeted fashion. The new
law will significantly broaden the agencies’ powers to include bulk data
collection. This development clears the way for the interception of the
communication of innocent citizens.

This law seriously undermines a core value of our free society, namely
that citizens who are not suspected of wrongdoing, ought not to be
monitored. Whether it concerns a WhatsApp-message or Skype-call,
anything you do online might very well end up in the dragnet cast by the
security agencies, provided that your communication falls within the
scope of a vaguely defined “research assignment”.

It is a matter of importance that intelligence agencies collaborate with
their foreign counterparts. For the sake of this cooperation, the
exchange of data is paramount. Yet, under the passed bill, Dutch
security agencies may also share collected data without having analysed
it first. When handing over data to foreign governments without
performing some form of data analysis prior to the exchange, it is
impossible to know what potentially sensitive information is being
thrust into the hands of foreign governments, and the consequences it
might have for citizens. This is unacceptable.

With this bill, agencies are granted direct and fully automated access
to databases of cooperating organisations without human interference.
The intelligence agencies may, for instance, be permitted access to the
databases operated by governmental institutions, such as the tax
authorities, but also to the data of schools, civic organisations and
businesses, such as banks. Hardly any measures are taken to ensure that
this is done in a responsible manner. Intelligence agencies are allowed
access to these databases without seeking prior permission from the
minister or review by the new Review Committee on the Intelligence and
Security Services (CTIVD).

Other contentious elements of the bill are the numerous open standards
and the lack of further specification. First of all, the limitations of
the powers will become clear only as we go along. Citizens are offered
little clarity in this matter. The CTIVD has already stated that the law
offers too little guidance for proper assessment. Furthermore, the
extent of the encroachment on our public liberties will largely be
determined by ongoing technological developments.

Despite its obvious shortcomings, the revised bill is, at some points,
an important improvement of the current law, and of the proposal that
was issued for public consultation in 2015. For instance, many of the
agency’s powers will now require a sign-off from the Minister of the
Interior and a review committee. Another positive note is the
construction of a framework for online research conducted by the agencies.

It’s now the Senate’s turn to review the bill. If the parliamentary
groups in the upper house follow the same approach as those in the lower
house, the bill will be cleared with a comfortable majority.

EDRi member Bits of Freedom will approach senators and insist they
carefully examine the proposal in light of the extensive criticism it
inspired, and not pass the bill without calling for changes. Should the
Senate vote in favour of the bill as it is, the possibility of
litigation at the European level cannot be ruled out.

EDRi: Dutch Parliament: Safety net for democratic freedoms or sleepnet?
(08.02.2017)
https://edri.org/dutch-parliament-safety-net-democratic-freedoms-sleepnet/

EDRi: Dutch dragnet surveillance bill leaked (04.05.2016)
https://edri.org/dutch-dragnet-surveillance-bill-leaked/

(Contribution by David Korteweg, EDRi member Bits of Freedom;
translation by Linsey Groot)

=======================================================================
4. What does your browsing history say about you?

An average internet user visits dozens of websites and hundreds of web
pages every day, most of which are kept in the history of our internet
browsers. But what if someone took this massive database of visited web
pages and cross-referenced them? A joint collaboration of Tactical Tech
and SHARE Lab researchers focused on discovering intentions, desires,
needs, and preferences of a person based on their browsing history.

A Swiss journalist, called Mr J for the purposes of the research, visited
the Tactical Tech office in Berlin in June 2015, and provided them with
a sample of his web history, upon which this research was based. By
analysing large sets of web addresses (so-called Uniform Resource
Locators, URLs), especially from popular services such as Google Maps,
Google Search or YouTube, they were able to create a picture of Mr J’s
everyday routine, including his interests and intentions, even
apartments he rented via Airbnb while he was travelling abroad. Also,
since Facebook has a “real-name policy”, it is quite easy to link a
person’s web history to their profile, as well as create a social graph
of their Facebook friends and connections, based on the Facebook URLs
they visited.

As the websites Mr J visits contain a lot of trackers, small bits of data
used for collecting behavioural information of users, the experiment
also showed which companies extract the most data on Mr J. Google,
Facebook and Twitter were unsurprisingly among the companies with the
largest number of trackers. It was also interesting to “read” sample web
pages Mr J visited like a machine would do it. This is possible with
Google’s Cloud Natural Language tool, which is attached to its deep
learning platform and can be used to extract information about people,
places, events, and much more, mentioned in text documents, news
articles or blog posts. It recognised important events, names, and
places based on keywords it picked up from web pages.

All these findings lead to the conclusion that if someone, such as
private companies, the state, or law enforcement, were to employ these
techniques on a large segment of the population and target people’s web
history, it would be a frightening introduction to a project of “thought
police”, arresting individuals suspected of committing a crime in the
future.

SHARE Lab: Browsing Histories - Metadata Explorations
https://labs.rs/en/browsing-histories/

(Contribution by Bojan Perkov, EDRi observer SHARE Foundation, Serbia)

=======================================================================
5. New legal framework for predictive policing in Denmark

After the terrorist attack in Copenhagen in February 2015, the Danish
government presented an action plan to strengthen the data analysis
capacity of the police and the Danish Security and Intelligence Service
(PET). The action plan, called “A Strong Guard against Terror”,
specifically mentions monitoring of social media posts in order to
discover possible terrorist attacks being planned.

Social media monitoring will involve massive processing of personal data
about citizens that are not suspected of a crime. Under Danish law, PET
already has wide powers to collect personal data for the purpose of
prevention and prosecution of terrorist offences. For the ordinary
police, the Danish Data Protection Act based on the Data Protection
Directive currently applies, except that the police is generally
exempted from the provisions on data subject rights and profiling.
Specific rules for processing of personal data by the police are
typically laid down in administrative orders pursuant to the Data
Protection Act. This includes the Danish system for Automatic Number
Plate Recognition (ANPR).

Together with the General Data Protection Regulation (GDPR), the
European Union has recently adopted the Law Enforcement Data Protection
(LEDP) Directive, which, when transposed into Danish national law, will
apply to the ANPR system and other police data processing in connection
with criminal investigations. Denmark must implement this directive by 1
May 2017 in order to secure an operational arrangement with Europol
which Denmark would otherwise have to leave completely because of the
Danish opt-out from the Justice and Home Affairs (JHA) area of the
European Union.

In October 2016, the Danish newspaper Information reported that the
Danish police and PET had purchased an intelligence-led policing
platform from Palantir Technologies, a highly controversial company that
specialises in big data analytics for private companies, military
agencies, intelligence services and police authorities. Palantir was
selected among three companies in a public tender. A summary of the
requirements for the two intelligence systems (called PET-INTEL and
POL-INTEL, respectively) is publicly available, and it mentions
capabilities for accessing existing police and intelligence databases,
information exchange with Europol, open source collection of new
information, as well as algorithms for pattern recognition, hotspot
analysis, and social network analysis. In short, the public tender
document describes a system for predictive policing, which was
subsequently confirmed by the Danish Minister of Justice when answering
a written question from a Member of Parliament.

On 10 February 2017, the Danish Ministry of Justice presented a draft
law for public consultation on amending the Police Act with new data
analysis provisions. The main purpose of the draft law is to create a
legal basis for processing personal data in the POL-INTEL system. The
draft law uses the legal framework of the existing Data Protection Act
as a reference, even though this act must be replaced by the Danish LEDP
transposition before 1 May 2017. A complete LEDP implementation by 1 May
2017, which is a condition for continued Danish access to Europol
databases, will require a lot of work by the Danish Parliament and the
Legal Affairs Committee. It would seem prudent to complete the LEDP
implementation first, but the Danish government ostensibly has different
priorities.

The draft law provides a very general legal basis for combining existing
police databases for information analysis in the POL-INTEL system,
irrespective of the purpose limitations of these databases, and for
collection and processing of information, including personal data, from
open sources. The definition of open sources is very broad as it
includes any information source which does not require a court order for
evidence seizure or interception of electronic communications. The most
obvious open data sources are information from the internet and
surveillance in public spaces like ANPR, and perhaps facial recognition
in the future. However, information that can be purchased from
commercial vendors is also specifically mentioned as an open source.
This means that the police can buy information on individual citizens
from data brokers in Europe, or maybe even the United States, for
predictive policing purposes in the POL-INTEL system.

The new powers are described in very broad terms, and according to the
comments of the draft law, more specific provisions will be laid down in
future administrative orders. Presumably, the administrative orders are
also expected to provide the necessary data protection safeguards to
ensure compliance with the LEDP Directive (when it applies in Denmark),
and the rights to privacy and data protection under the Charter of
Fundamental Rights of the European Union and the European Convention of
Human Rights. One of the safeguards mentioned in the comments of the
draft law is that access to POL-INTEL will be restricted to specially
authorised police officers, and that the use of POL-INTEL will be
limited to necessary data analysis purposes, some of which can only use
aggregated or non-personally identifiable data as output. This does not
change the fact that POL-INTEL will become a huge database with
potentially massive amounts of personal data on individual citizens.

For open source collection, the comments of the draft law claim that no
new legal basis for data collection is created by the proposal. This is
confusing and in conflict with other parts of the comments of the draft
law. However, it could be the case that the draft law only
particularises a legal basis for mass or targeted data collection from
open sources that either exists in the current legislation or will be
provided for in future legislation or administrative orders within the
general data protection framework for law enforcement. A legal basis for
the Danish ANPR system was created in this way, so there are certain
precedents.

The issue of data subject rights is not mentioned in the comments of the
draft law. Under the current Danish legal framework for law enforcement
data processing, there is a complete exemption from the information
requirements and the data subject rights to access, rectification and
erasure. The LEDP Directive does not allow for such a blanket limitation
of all data subject rights. Under the LEDP Directive, the specific
limitations of data subject rights must constitute necessary and
proportionate measures in a democratic society with due regard for the
fundamental rights and legitimate interests of the persons concerned. It
remains to be seen what implications this might have for the data
processing in the POL-INTEL system and in particular the right to access
for citizens.

EDRi-gram: Denmark about to implement a nationwide ANPR system (02.07.2014)
https://edri.org/denmark-implement-nationwide-anpr-system/

Declaration to minimise the negative effects of the Danish departure
from Europol, following the referendum in Denmark on 3 December 2015
(15.12.2016)
http://europa.eu/rapid/press-release_IP-16-4398_en.htm

Denmark buys surveillance system for millions from NSA vendor,
Information (only in Danish, 28.10.2016)
https://www.information.dk/indland/2016/10/danmark-koeber-overvaagningssystem-millioner-nsa-leverandoer

Public tender summary for PET-INTEL and POL-INTEL (only in Danish,
16.09.2015)
http://www.udbudsavisen.dk/Pages/Tenders/ShowTender?tenderid=26170

Draft law on amending the Police Act with data analysis provisions (only
in Danish, 10.02.2017)
http://hoeringsportalen.dk/Hearing/Details/60330

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)

=======================================================================
6. The UK Digital Economy Bill: Threat to free speech and privacy

The Digital Economy Bill is being debated by the House of Lords in the
United Kingdom. This is a far-reaching bill that covers a range of
digital issues, including better broadband coverage across the UK.
However, from the digital rights point of view, there are three main
areas of concern.

Age verification:
The bill includes proposals to force porn sites to verify the age of
their users with no requirements to protect their privacy. During the
debate on 6 February 2017, the UK government said no privacy safeguards
were necessary. In order to force foreign websites to comply with the
proposals, the government has proposed that a regulator could instruct
Internet Service Providers (ISPs) to block websites that fail to provide
age verification. This could mean that thousands of websites containing
legal content could be censored. These proposals have implications for
privacy and free speech rights in the UK and EDRi member Open Rights
Group (ORG) is campaigning to amend the bill.

Data sharing:
There are worrying proposals to make it easier to share data not only
across government departments, but also with private companies. ORG has
been involved in government discussions about these measures but the
concerns raised have not been addressed in the bill. The main concerns
are that the bill lacks sufficient privacy safeguards, ministers have
too much power without scrutiny, data on births, deaths, and marriages
can be shared without any restrictions other than those found in pieces
of other legislation, and the codes of practice are not legally binding.

Copyright:
There are proposals to increase the maximum prison sentences for online
copyright infringement to ten years - to bring it in line with offline
infringement. ORG is concerned that the definition of the infringement
is too broad and will catch large numbers of internet users. ORG is
trying to amend the bill to ensure that such severe sentences are given
to only those guilty of serious commercial infringement.

ORG has made a submission explaining the huge threat to free speech and
why these proposals should be dropped. They launched a spoof recruitment
campaign for Internet Censors to help classify the web for age
verification. Over 23 000 people have signed a petition to reject
the proposals.

ORG’s submission
https://www.openrightsgroup.org/ourwork/reports/written-evidence-to-house-of-commons-public-bill-committee-on-the-digital-economy-bill

Spoof recruitment campaign
https://www.newgovernmentjobs.co.uk

Petition about the proposals
https://www.newgovernmentjobs.co.uk/petition/say-no-to-censorship-of-legal-content/

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United
Kingdom)

=======================================================================
7. Consultation on multilateral investment court misses the point

The European Commission has launched a consultation on establishing a
multilateral investment court, which would serve as a permanent body to
decide investment disputes. The court would replace controversial
investor-to-state dispute settlement (ISDS) mechanisms in existing and
future trade and investment treaties. It would interpret the substantive
rules in these treaties, which provide a high level of legal protection
for investors. This would leave states no or a very limited right to
regulate, as regulation would always happen under the (real or
perceived) threat of supranational litigation.

The issue at hand is that the consultation has a narrow scope with no
regard to social impacts, including fundamental rights. Therefore it is
crucial to react. The deadline for submitting comments on the
questionnaire on options for a multilateral reform of investment dispute
resolution is 15 March 2017.

The multilateral investment court proposal is based on an Inception
Impact Assessment which presents various scenarios. Its baseline
scenario - what would happen without EU policy changes - is just one
sentence long and doesn't expect the court to have social (or
environmental) impacts. The baseline scenario ignores existing impacts,
a huge expansion, through new treaties, of covered foreign direct
investment, and a greater scope, as EU trade and investment treaties
bring EU decisions under the scope of investment mechanisms. A more
comprehensive baseline scenario would address growing social impacts.

Compared to ISDS, a multilateral investment court would bring
institutional improvements. Such improvements, however, do not solve
systemic issues with specialised and supranational adjudications, which
create a high risk of expansive interpretations of investors' rights.
Specialised courts tend to interpret expansively and the supranational
level lacks effective instruments to correct expansive interpretations.

A multilateral investment court would shift the balance between
investments on the one hand and democracy and fundamental rights on the
other. This undermines our values, ability to reform, and ability to
respond to crises.

Foreign investors would be able to use a multilateral investment court
to challenge EU data protection enforcement measures. This could apply
to, for instance, the suspension of cross-border data flows or fines
imposed by supervisory authorities on data controllers and data
processors under the General Data Protection Regulation (GDPR). A
multilateral investment court would also impede reform of "intellectual
property" rights.

The Commission's consultation seems designed to keep social (and
environmental) impacts out of the consultation's results. In light of
the need to protect fundamental rights, the EU cannot ignore,
legitimise, or perpetuate increasing impacts. With a baseline scenario
showing growing impacts on fundamental rights, the Commission should
work out scenarios which will decrease them.

General Data Protection Regulation: Document pool
https://edri.org/gdpr-document-pool/

Questionnaire on options for a multilateral reform of investment dispute
resolution
http://trade.ec.europa.eu/consultations/index.cfm?consul_id=233

Multilateral investment court assessment obscures social and
environmental impacts
https://blog.ffii.org/multilateral-investment-court-assessment-obscures-social-and-environmental-impacts/

Defend democracy: draft answers for new ISDS consultation
https://blog.ffii.org/defend-democracy-draft-answers-for-new-isds-consultation/

ENDitorial: EU Commission ISDS proposal – a threat to democracy
https://edri.org/enditorial-eu-commission-isds-proposal-threat-to-democracy/

(Contribution by EDRi member Vrijschrift, The Netherlands)

=======================================================================
8. Lead Parliamentarian for Culture Committee defends upload filtering

On 6 February 2017, the Parliamentarian in charge of the Copyright
Directive for the European Parliament (EP) Committee for Culture and
Education (CULT), Marc Joulaud, published his draft Opinion on the
proposal for the Directive.

As we described in our previous blogposts, the European Commission’s
proposal has not fulfilled hopes for a reform that could deliver a
modern, harmonised European copyright framework. The proposal is both
disappointing for not introducing the much-needed changes and scary for
what it proposes, namely an upload filter for all types of content and
the ancillary copyright that has already failed in two European
countries.

Our main concern relates to the upload filter proposed in Article 13. We
analysed the article in detail and summarised the three main problems.
The upload filter:

  1. requires internet companies to install filtering technology to
    prevent the upload of content that has been “identified by rightsholders”;
  2. seeks to make internet providers responsible for their users’ uploads;
  3. gives internet users no meaningful protection from unfair deletion of
    their creations, because of the bad wording of the proposal for user
    redress.

The CULT Draft Opinion fails to fix any of these issues. First, in
Amendment (AM) 28 (related to recital 38 of the proposed Directive) the
draft Opinion broadens the scope from covering providers hosting a
“large amount of works” to “user-generated content, copyright-protected
works or other subject-matter actively uploaded or displayed by their
users”. This adds nebulosity where previously there was fogginess.

In addition to suggesting an incomprehensible broadening of the already
bewildering scope, it does not challenge the implications of the
Commission’s proposal which, in essence, argues that, by providing web
hosting services, companies “thereby” go beyond being web hosting
services. This strange construction is key in the intended destruction
of the liability regime for hosting services provided for in the
e-Commerce Directive, while claiming in the text that this change is
“without prejudice to the e-Commerce Directive”.

Then, changes proposed in recital 39 (AM 29) do not help to clarify the
text by replacing “services” with “platforms”, despite Rapporteur
Joulaud’s possibly good intention to restrict the wording. A good
attempt to fix the proposal in the recitals is found in the next AM 30
(new recital 39a), where the Rapporteur acknowledges that “measures and
technologies deployed by digital content platform providers in
application of this Directive may occasionally have a negative or
disproportionate effect on legitimate content that is uploaded or
displayed by users, in particular where the concerned content is covered
by an exception or limitation”. In order to counter-balance these real
concerns about inevitable restrictions on citizens’ freedoms, the
Rapporteur of the Draft Opinion proposes new wording to “strengthen” the
redress mechanism in Article 13.2.

Oddly enough, the Rapporteur appoints the rightsholder (not the
platform, nor the platform in cooperation with the relevant rightsholder
nor, of course, an independent authority) to be the judge that will
“examine and process” the complaints by the user. The proposal also
tries to prevent a situation whereby, while the dispute is being
settled, a party makes a profit out of content which is not theirs. In
order to do that, the proposal establishes that the alleged rightsholder
will not be able to monetise the content which is being examined (by the
rightsholder) until the complaint has been addressed. This is welcome,
as it could help to speed up the process. However, putting the foxhunter
in charge of the rules of the foxhunt lacks a degree of credibility.
Although the proposed amendment establishes that the rightsholder should
“justify” the decision, it is unclear how this “justification” can bring
any more legal certainty than the wholly arbitrary proposal of the
Commission. Finally, Rapporteur Joulaud adds a new paragraph in AM 76 to
propose an alternative dispute resolution mechanism for rightsholders
and “digital content platforms” involved, on which the individual user
potentially affected by the decision is not consulted.

The text does contain, however, positive proposals such as the new
exception for user-generated content (which, however, risks being
filtered out as a result of Article 13) and a (sadly incomplete) attempt
to include an exception on freedom of panorama (with, of course, this
freedom being vulnerable to being negated by the restrictions in Article
13). We welcome that the Rapporteur has acknowledged the importance of
these two issues. Now that they are included in the draft Opinion, there
is at least the chance of a debate that could make these two proposals
stronger and part of the final text from the European Parliament.

In a nutshell, Rapporteur Joulaud has tried unsuccessfully to improve
the profoundly broken text of the European Commission but, as the old
saying goes, "you can't make a silk purse out of a pig's ear". His
attempts to fix the worst parts of the proposal may well be
well-intentioned, but unfortunately they do not achieve the goal of
making the proposals acceptable, especially regarding the wording in
Article 13. Deletion is the only credible option for the upload filter
proposal, just like the proposal for ancillary copyright. Some positive
aspects can be found in the draft Opinion but both there and in the rest
of the Directive we will need to see much more thorough work to make
something good out of it.

Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/

The copyright reform (02.11.2016): A guide for the perplexed
https://edri.org/copyright-reform-guide-for-the-perplexed/

C4C: CULT Opinion on the Copyright in the Digital Single Market
Directive: bad on filtering, press publishers’ rights and TDM, but
putting users back in the picture! (13.02.2017)
http://copyright4creativity.eu/2017/02/13/cult-opinion-on-the-copyright-on-the-digital-single-market-directive-bad-on-filtering-press-publishers-rights-and-tdm-but-putting-users-back-in-the-picture/

Limiting the snippet levy to commercial use is tangling up an already
muddy issue (10.02.2017)
http://www.communia-association.org/2017/02/10/limiting-snippet-levy-commercial-use-tangling-already-muddy-issue/

(Contribution by Diego Naranjo, EDRi)

=======================================================================
9. Unclear Terrorism Directive creates risks for citizens' security

On 16 February 2017, the European Parliament voted in favour of the EU
Directive on combating terrorism. Weak, unclear, ambiguous wording in
the Directive presents dangers for the rule of law, the right to privacy
and freedom of opinion and expression of people in the European Union.

"Adopting a Directive that is unclear and wide open to abuse is little
short of reckless. The Directive brings few obvious gains for security,
but its ambiguity creates major risks for democratic freedoms," said
Maryant Fernández Pérez, Senior Policy Advisor at European Digital
Rights (EDRi). "We will now have to wait over four years for the
European Commission to assess whether the Directive and its
implementation by Member States violate our fundamental rights and
freedoms. This is unacceptable," she added.

EDRi and other civil society organisations have worked hard with
policy-makers to solve key issues. As a result, for example, the freedom
to express radical, polemic or controversial views in the public debate
on sensitive political matters is now part of the final text of the
Directive. This, at least in principle, recognises human rights that
have been affirmed by the European Court of Human Rights. However, the
EU co-legislators decided to ignore a long list of dangerous provisions.
For instance, the Directive criminalises "glorifying terrorism", without
defining what it means, thereby creating the risk of accidental or
deliberate imposition of (or threat of) excessive punishment and
censorship. In addition, the Directive criminalises consulting
"terrorist websites", which will create an obvious chilling effect as
people avoid the risk of viewing anything that might be subsequently
decided to be a "terrorist website". Indeed, this week, the French
Constitutional Court declared a similar provision unconstitutional.

Civil society has repeatedly warned policy-makers against the adoption
of a seriously flawed Directive. According to the European Parliamentary
Research Service, all stakeholders that have followed this legislative
process have expressed serious concerns. Yet, the flaws have been
ignored. What's more, the final text also ignores valuable
recommendations given by the European Economic and Social Committee on
17 March 2016.

We thank the MEPs who voted against the Directive, as they have
understood that we cannot fight terrorism by weak, ambiguous legislation
that will undermine the freedoms we are defending.

Background information:

The legislative process to adopt the Directive lacked public
participation and transparency. The European Parliament vote is the
conclusion of a fast-tracked process, whose excessive haste can be seen
in its weak drafting. Member States now have 18 months to implement the
Directive, except for the United Kingdom, Ireland and Denmark, which
decided not to be bound by it. The European Commission will have to
conduct a report assessing the implications of the implementation of the
Directive on human rights and the rule of law. However, we will have to
wait a minimum of 54 months for this report to be delivered.

The time has come to complain about the Terrorism Directive (15.02.2017)
https://edri.org/the-time-has-come-to-complain-terrorism-directive/

Terrorism Directive: Document pool
https://edri.org/terrorism-directive-document-pool/

European Union Directive on counterterrorism is seriously flawed
(30.11.2016)
https://edri.org/european-union-directive-counterterrorism-seriously-flawed/

=======================================================================
10. Recommended Action

Join the seminar on digital rights in Bosnia and Herzegovina!
Apply now for a youth seminar close to Sarajevo (24-30 April 2017) and
help turn activists into Digital Rights Activists. The programme will be
highly interactive and includes discussions on how the online security
discourse impacts fundamental rights as well as hands-on practical sessions.
https://www.cdnee.org/call-for-participants-digitised-security/

=======================================================================
11. Recommended Reading

What could happen if you refuse to unlock your phone at the US border?
(15.02.2017)
https://arstechnica.co.uk/tech-policy/2017/02/what-could-happen-if-you-refuse-to-unlock-your-phone-at-the-us-border/

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying
Digital Devices (2011)
https://www.eff.org/files/eff-border-search_2.pdf

Edward Snowden’s New Job: Protecting Reporters From Spies (14.02.2017)
https://slim-weight.info/2017/02/reporters-need-edward-snowden/

How to encrypt your entire life in less than an hour (09.11.2016)
https://medium.freecodecamp.com/tor-signal-and-beyond-a-law-abiding-citizens-guide-to-privacy-1a593f2104c3#.9wwx9n7cr

=======================================================================
12. Agenda

06.03.2017, Valencia, Spain
Internet Freedom Festival 2017
https://internetfreedomfestival.org/

24.03.2017, Amsterdam, the Netherlands
EDRi General Assembly

29.03.2017, Brussels, Belgium
RightsCon Brussels 2017
https://www.rightscon.org/

03.04.2017, Nicosia, Cyprus
2nd International Conference on the Right of Freedom of Expression in
the Digital Age
https://www.unic.ac.cy/news-and-events/73/call-papers-right-freedom-expression-digital-age/757018

24.04.2017, Sarajevo, Bosnia and Herzegovina
Digitised security: How to read the surveillance discourse and fight it!
https://www.cdnee.org/digitised-security-how-to-read-the-surveillance-discourse-and-fight-it/

05.05.2017, Bielefeld, Germany
Big Brother Awards Germany 2017
https://bigbrotherawards.de/

08.05.2017, Berlin, Germany
re:publica 2017
https://re-publica.com/en

06.06.2017, Tallinn, Estonia
EuroDIG 2017
https://www.eurodig.org/

04.08.2017, Zeewolde, the Netherlands
SHA2017
https://sha2017.org/

============================================================
13. About

EDRi-gram is a fortnightly newsletter about digital civil rights by
European Digital Rights (EDRi), an association of civil and human rights
organisations from across Europe. EDRi takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-gram.

All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Heini Jarvinen - edrigram@edri.org

Information about EDRi and its members: http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
https://edri.org/donate/

- EDRi-gram subscription information
Subscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: unsubscribe

- Newsletter archive
Back issues are available at:
http://www.edri.org/newsletters/

- Help
Please ask edrigram@edri.org if you have any problems with subscribing
or unsubscribing.