Page 3 of 5

EDPS: Data Retention Directive Deficient; Fails Requirements of Privacy & Data Protection

Peter Hustinx, European Data Protection Supervisor has released his opinion on the European Data Retention Directive (2006/24/EC) and it is scathing. Flatly, the director has stated that the directive does not meet privacy and data protection requirements. This is something we have reiterated to various inquiries and government departments, considering the Australian Attorney General has signalled an intention to implement data retention in Australia in line with the EU directive.

Jonathan McIntosh - CC-BY-SA - Flickr

 

From a privacy and data protection perspective, the Evaluation report also justifies the conclusion that the Data Retention Directive does not meet the requirements imposed by the rights to privacy and data protection. There are several deficiencies: the necessity of data retention as provided for in the Data Retention Directive has not been sufficiently demonstrated, data retention could, in any event, have been regulated in a less privacy-intrusive way, and the Data Retention Directive lacks ‘foreseeability’

It is without doubt that the justifications for dragnet data retention are reactionary, without proportion and without necessity.

The report stipulates, that whilst there are interesting situations presented where data retention may be used or is ‘indispensible’ to the investigation, these do not constitute a necessity for data retention.

It interestingly also mentions the Commissions justification of the directive by attaching significant importance to retained data which was used to exclude subjects from crime scenes and to verify alibis.

Although these are interesting examples of how the data is used by law enforcement authorities, they cannot be put forward as demonstrating the need for data retention. This argument should be used with caution as it might be misunderstood implying that retention of data is necessary for proving the innocence of citizens, which would be difficult to reconcile with the presumption of innocence.

The report puts forward the use of data preservation as an alternative method for use by investigations of criminal activity, which is basically the securing or ‘freezing’ of metadata (locational and traffic data) relating to the suspect via a preservation order, which could then potentially be made available to law enforcement through  judicial authorisation (i.e. a warrant). This something that would comply with the minimum requirements of the CoE Cybercrime Convention, however the Commission seems intent on persisting with wide-scale data retention because preservation…

…does not guarantee the ability to establish evidence trails prior to the preservation order, and does not allow investigations where a target is unknown, and does not allow for evidence to be gathered on movements of, for example, victims of or witnesses to a crime.

The report gives four principle reasons as to why the wide-scale retention of traffic data as regulated by the EU directive goes beyond what is necessary and is disproportionate.

1. The notion of ‘competent national authority’ is understood differently, and in some cases have led to widespread use of the retained data by too many authorities. The consistency of safeguards across different nations has also led varying degrees of judicial oversight and conditions for access.

2. Two years is far too long, and the majority of requests (86%) have been for data within six months. The majority of EU states have also elected to retain data for no longer than 1 year, suggesting that the maximum period of two years far exceeds what is required or necessary.

3. Security of data is a huge issue. One only has to look to the crippling breaches in the security of private data in the last month to see how vulnerable data can be. In the EU, there seems to have been a ‘patchwork’ of security measures implemented, and although there apparently have been no concrete examples of serious breaches, this does not eliminate the potential for serious breaches.

This issue cannot be taken lightly, as the security of the retained data is of crucial importance to a system of data retention as such, as it ensures respect for all other safeguards.

4. The Directive demands a wide array of telecommunications data is retained, however there is very little information on whether it is necessary to retain all this data, and for the same length of time, thus preventing any meaningful conclusion being arrived at.

In reality, the only thing that can be deduced is that the directive is eroding the fundamental right to privacy, this insidious directive is leading to a situation where the populace is under perpetual surveillance. This report is just one of many, that reiterates that the only way to move forward is to dispense with the directive — repeal. It is an unjustified interference into the privacy of all citizens.

The full 16 page document can be found on the EDPS website.

An Open Letter to the German Ambassador

The following is an open letter to his Excellency Dr. Michael Witter, Ambassador of the Federal Republic of Germany and the German Government in Australia, Papua New Guinea, the Solomon Islands, Vanuatu and Nauru with regards to the so called #servergate scandal that has erupted overnight in Germany.

Dear Mr. Ambassador,

I write to you with regard to events that have transpired on Friday, the gravity of which have led me to question the democratic integrity of the Federal Republic of Germany.

On Friday morning, May 20, German law enforcement officers seized the information technology and communications infrastructure of the Piratenpartei, a legal and officially recognised political party. The seizures have transpired irrespective of the fact that the Party is not suspected of any illegal activity. Media reports suggest that the seizures have occurred as a result of investigations by the French law enforcement organisations into an alleged distributed denial of service attack, and event which itself occurred several months prior to the seizure. French investigators are of the opinion that one of the servers, which provides collaborative services and tools that may be used by the general public, may have been used by an individual or individuals in the planning of the alleged attack. Indeed, it should be noted, that we as a party also use services provided by the Piratenpartei which were affected by these seizures.

German law enforcement officials have not however, seized only the server in question, but instead all servers used by the Piratenpartei for communication and organisation.

The gravity of this situation in where a legal and officially recognised political organisation is paralysed in itself is deeply troubling. It is however compounded by the fact that this event has transpired two days prior to elections which are being held in the Free Hanseatic City of Bremen, in which the Piratenpartei is participating.

The seizure of essential campaign organisation and planning infrastructure is expected to severely hamper and paralyse the electoral campaign of the Party. Both the timing, in its proximity to the election in the State of Bremen in relation to the investigation of an event that transpired some months ago, and the sheer enormity of the seizure of the entire organisational and planning infrastructure, where only a small amount of data located on a single server is required, raise significant concerns about the political impartiality of German law enforcement officials and the sanctity of democratic institutions and processes.

I write to you to pose the following questions: will an inquiry be held regarding the actions of German law enforcement officials, with regards to their proportionality and whether they have interfered with the rights afforded under Article 21 on the Basic Law for the Federal Republic of Germany?

What undertakings will the government of Germany take to ensure that such interference in the political process does not occur again? I thank you for your time, and look forward to your response.

Filtering and Blocking to Protect Copyright Infringes Fundamental Rights: EU Court of Justice

In what could potentially be very big news, and a first step in actively pushing back the copyright monopoly, the Advocate General Cruz Villalón of the Court of Justice of the European Union has given opinion that states:

Advocate General Cruz Villalón considers that the installation of that filtering and blocking system is a restriction on the right to respect for the privacy of communications and the right to protection of personal data, both of which are rights protected under the Charter of Fundamental Rights. By the same token, the deployment of such a system would restrict freedom of information, which is also protected by the Charter of Fundamental Rights.

Rick Falkvinge writes:

This means that Eircom can no longer be forced to eavesdrop on its customers to filter out certain parts, and it means that Danish ISPs can no longer be mandated to censor The Pirate Bay and AllOfMP3. Black Internet in Sweden can give the finger to the court order to block The Pirate Bay. Many, many aggressions from the copyright industry stand to just fall flat on their face.

Christian Engström relays a comment from Slashdot user CrystalFalcon which very succinctly relays what the opinion of the Advocate General actually means:

One, no court may impose an ISP with an order to filter, in particular not because of enforcement of copyright monopolies;

Two, such filtering is a reduction of fundamental rights, so

Three, if laws are written requiring an ISP filter or block the internet, such laws must conform to very strict criteria that are applied to laws limiting fundamental rights. They must be effective, they must be proportionate, and they must be defensible in a democratic society. While this sounds like political wishywashing, it has some very specific meanings. It is useful to compare to what laws have been written to prevent terrorism: these laws are held to that standard, which the copyright industry wants badly to supersede. The Attorney General also goes into detail how such laws must be transparent and predictable.

What this does not say is that:

Four, no censorship must ever take place.

Five, no ISP may choose to limit what they present as “The Internet”.

In conclusion:

Six, it has been the modus operandi of the copyright industry to threaten ISPs with “block to our wishes or we’ll take you to court”. This has been their standard operating procedure for the past couple of years, in order to establish enough precendents to get them written into law. Today’s verdict, or potential verdict, gives those ISPs the power to say “go play on the highway, parasites, we have an order from the highest possible court saying no court can force us to do that. We care more about our customers than about obsolete irrelevants”.

Seven, this is the highest court in Europe, referring to the (equivalent of) Constitution of Europe. Thus, there are no courts and no laws that can supersede this. No EU Directive can change this (potential) verdict. The way forward for the copyright industry appears permanently blocked; I hold it as absolutely improbable that they’ll get paragraphs in the referred European Charter of Human Rights that put the copyright monopoly before the sanctity of correspondence, of personal data, and freedom of information.

This on the day New Zealand’s Government have passed insidious disconnection laws that violate human rights.

 

Blog Safely With Pirate.is

The Washington Pirate Party has launched ‘pirate.is‘ a blogging service not unlike any other, based on WordPress, with one important distinction — it takes advantage of the legal framework and protections provided by the Icelandic Modern Media Initiative by being hosted in Iceland, that provides:

 

 

— Whistle-blower protection
— Source protection
— Source-journalist communications protection
— Limiting prior restraint
— Protection of intermediaries (ISPs)
— Protection from “libel tourism” and other extrajudicial abuses
— Statute of limitations on publishing liabilities
— Process protections

This framework is something that almost all Pirate Parties, including ours, advocate at a national level.

Congratulations to the Pirate Party of Hesse

Piratenpartei presence @ the Freiheit statt Angst (Freedom Not Fear) 2009 Rally by Michael Vogel

I’d like to take the time to congratulate the Pirate Party of Hesse (Piratenpartei Hesse) for their huge achievement in the German state’s most recent local elections, held on March 27, 2011.

Achieving between 1.2% and 6.25% of the vote throughout the state, the Party secured 31 seats.

Even at a local level, the politics of the Pirate Party are appealing — greater transparency of the state, more participatory, democratic government. This victory is historic, especially for such a new Party. They should be very proud.


 

The Future of Copyright

At a Blue Sky Conference, Francis Gurry, Director General of the World Intellectual Property Organisation (WIPO) made some very interesting observations and comments, some that inspire hope for change, inspire a move away from maximalism, away from the cloistered policy laundering of trade agreements like ACTA and the TPPA.

The first of those is neutrality to technology and to the business models developed in response to technology. The purpose of copyright is not to influence technological possibilities for creative expression or the business models built on those technological possibilities. Nor is its purpose to preserve business models established under obsolete or moribund technologies. Its purpose is, I believe, to work with any and all technologies for the production and distribution of cultural works, and to extract some value from the cultural exchanges made possible by those technologies to return to creators and performers and the business associates engaged by them to facilitate the cultural exchanges through the use of the technologies. Copyright should be about promoting cultural dynamism, not preserving or promoting vested business interests.

The Pirate movement also get a special mention … and it’s not all bad.

Beyond law and infrastructure, we have culture, and the Internet has, as we know, developed its own culture, one that has seen a political party, the Pirate Party, emerge to contest elections on the basis of the abolition or radical reform of intellectual property, in general, and copyright, in particular. The platform of the Pirate Party proclaims that “[t]he monopoly for the copyright holder to exploit an aesthetic work commercially should be limited to five years after publication. A five years copyright term for commercial use is more than enough. Non-commercial use should be free from day one.”

The Pirate Party may be an extreme expression, but the sentiment of distaste or disrespect for intellectual property on the Internet that it voices is widespread. Look at the incidence of illegal down-loading of music. We may argue about the right methodology to use to measure that phenomenon, but we are all certain that the practice has reached alarming dimensions.

In order to effect a change in attitude, I believe that we need to re-formulate the question that most people see or hear about copyright and the Internet. People do not respond to being called pirates. Indeed, some, as we have seen, even make a pride of it. They would respond, I believe, to a challenge to sharing responsibility for cultural policy. We need to speak less in terms of piracy and more in terms of the threat to the financial viability of culture in the 21st Century, because it is this which is at risk if we do not have an effective, properly balanced copyright policy.

We of course disagree that change can or should be effected, or that we are an extreme representation of this sentiment. I think typically, the pirates I talk to are rational and balanced in their approach, analysing the issue from many different perspectives — historically, economically and progressively discussing how the regulation of information, culture and knowledge should occur. Conversely, big media’s opposition to positive change culminates in yelling of ‘Thief! Thief!’, intellectually devoid of any real substance.  I think we will in 20-30 years look back on this time, and wonder how we could punish and marginalise those that share non-commercially.

Guiding Principles For Upcoming Copyright Reforms

We’ve put together some principles that we’re asking the law and policy makers to consider in the inevitable legislative responses to the Roadshow v iiNet battle that will inevitably go to the High Court.

Access is a right. The Internet should be considered a utility, and access should be considered a fundamental right. The government’s commitment to the construction of the National Broadband Network signals that it is every citizen’s right to have access to an Internet connection. Disconnecting a customer from an ISP not only affects the user found sharing, but all other occupants of the premises, making the punishment fundamentally unjust.

Due process must be observed. Economically, socially and culturally, Australian citizens have become reliant on the Internet in the conduct of their daily affairs. It has become a civic space, that allows for political discourse, and is increasingly important for social engagement with friends and loved ones. Extra-judicial termination, suspension or interference is not reasonable, it is a violation of fundamental human rights.

Privacy must be respected. The privacy of communication is a fundamental right that underpins human dignity and is essential in any democratic framework. Communications on the Internet should be considered akin to letters sent through the postal service — their contents should be protected by the law from interception, monitoring or inspection.

Sharing is legitimate. The non-commercial sharing of information, culture and information is a legitimate form of cultural participation. Economically and culturally, file sharing is positive. The marginalisation and repression of Australians sharing culture, information and knowledge must be stopped.

Structural reform is necessary. There is a genuine need of structural reform. It is difficult, if not impossible to ask industry to innovate where the law does not permit it. Concessions extracted from previous copyright panics have created structural barriers to reform and innovation of new business models. Whilst some will adapt, incumbent organisations will pursue the maintenance of their monopoly if the law, and politicians permit and enable it. Society’s perception of how information and culture regulation should occur, as well as its expectations of justice, has shifted.

All stakeholders must be represented. Any government facilitated industry agreement or code must be crafted in a transparent and inclusive manner allowing consumer groups and civil society to be adequately represented so that any potential agreement respects the interests and civil liberties of Internet users and artists.

Reasonable I think, whether they’ll be listened to is unknown. We’ll be asking for endorsement/review from civil society and other political parties who’ll hopefully embrace it.

« Older posts Newer posts »

© 2017 Rodney Serkowski

Theme by Anders NorenUp ↑