Mooi nieuws! Internetvrijheid heeft een goede plek veroverd in het D66 concept verkiezingsprogramma voor de Europese verkiezingen. Duidelijke plannen en voorstellen om internetvrijheid te beschermen en privacy te vergroten. Wie helpt de puntjes op de ‘i’ zetten?
Omdat het programma al een heel aantal onderwerpen die we belangrijk vinden benoemt hebben we onze voorstellen voor aanpassing beperkt gehouden. Aangezien de deadline voor amendering ook kort is komt dat goed uit. Onze voorstellen vind je dikgedrukt, hieronder.
1. Eén Europese digitale markt, regelnummers 53-59
D66 liep voorop in de strijd tegen de bedreiging van internetvrijheid door de ACTA-voorstellen (Anti-Counterfeiting Trade Agreement – Handelsovereenkomst ter bestrijding van namaak). Een tweede ACTA moet voorkomen worden. Dit vraagt om nieuwe spelregels. Voor D66 betekent dit een hoog beschermingsniveau van onze privacy, met voldoende ruimte om Europees te kunnen innoveren en ondernemen. Daarom ondersteunt D66 Europese initiatieven voor de modernisering en Europese harmonisering van het auteursrecht, waarbij dat auteursrecht niet mag leiden tot inperking van de internetvrijheid. Maatregelen zoals websiteblokkades of een downloadverbod zijn daarom geen oplossingen.
Toelichting: we stellen voor deze paragraaf in regel 59 uit te breiden met een specifieke verwijzing naar een downloadverbod en websiteblokkades.
2. Pal staan voor privacy, regelnummers 536-539
De afgelopen jaren is de bescherming van privacy in Europa verder in het gedrang gekomen. Persoonlijke gegevens die in verkeerde handen vallen, vormen zeker in het internettijdperk een onaanvaardbaar risico. D66 zet privacy bescherming hoog op de agenda. Bij de herziening van de Europese privacywetten maakt D66 zich dan ook hard voor strakke maar werkbare regels.
Toelichting: alleen stellen dat persoonlijke gegevens in verkeerde handen een ‘risico’ vormen, is wat zwak uitgedrukt. Vandaar de toevoeging ‘onaanvaardbaar’ in regel 538.
3. Pal staan voor privacy, regelnummers 560-562
Bij het streven naar een hoogwaardige bescherming van onze privacy willen wij naar één strenge Europese norm, gecombineerd met stevig toezicht. Deze biedt niet alleen de gewenste bescherming, maar geeft onder andere door haar brede gelding ruimte voor innovatie en ondernemen in heel Europa.
Toelichting: een strenge norm is alleen zinvol wanneer daarop wordt toegezien door een toezichthouder met tanden.
Bovenstaande amendementen hebben we ook in een pdfje gegoten. De deadline voor het indienen van amendementen door leden is zaterdag 17 december, 10.00 uur. Met vragen of opmerkingen kun je natuurlijk altijd contact opnemen via firstname.lastname@example.org.
Again, Bollaert is a despicable person. A year ago, Adam Steinbaugh was one of the first to detail the nasty practices of "YouGotPosted" (or "UGotPosted") and the companion site "ChangeMyReputation." However, as Eric Goldman details, there are a bunch of dangerous problems with the charges that Harris filed against Bollaert, mainly in that many of them seem to blame him for the way users use the site -- something that the site is protected from under Section 230: The other two asserted unlawful purposes are (1) online harassment per Penal Code 653m(b) (criminalizing “repeated contact by means of an electronic communication device”), and (2) the civil tort of public disclosure of private facts (citing a troubling precedent, In Re Rolando S.). Unlike the extortion claim, both allegations depend on the behavior of the website’s users. The complaint doesn’t allege that Bollaert himself made repeated contacts with victims using an electronic communication device, or that Bollaert himself disclosed anyone’s private facts. Instead, the complaint alleges that Bollaert ran a UGC website where users performed unlawful activities. But that’s exactly what UGC websites do: they let users publish content online for both good and evil. If we hold UGC website operators responsible for the fact that their users sometimes commit crimes, then all UGC website operators are criminals.
Fortunately, that’s not the law. In 1996, in 47 USC 230 (Section 230), Congress said that websites aren’t liable for third party content, even if the third party violates state criminal law. From my perspective, based on the allegations in the complaint and arrest warrant, the identity theft charges predicated on harassment and privacy violations appear to be preempted by Section 230 It's no secret that the various state attorneys general, including Harris, would love to wipe out Section 230. So perhaps she sees this as a chance to take a case so emotionally charged that she can get a favorable ruling. That's dangerous, since as Goldman notes, this would effectively wipe out Section 230 for many, many sites that allow user contributed content.
A second problem with the complaint is that it relies on an identity theft law used against Bollaert. But anyone looking at the situation would know right away that this isn't any kind of identity theft. Again, Goldman explains: The crime asserted here, Penal Code 530.5(a), has two elements. First, the defendant must willfully obtain personal identifying information. Second, the defendant must use that information for an unlawful purpose.
When applied to actual identity theft, these elements make sense. If I steal your social security number and use it to obtain a credit card that I use to run up fraudulent charges, the two elements are clearly satisfied.
As applied to Bollaert, in contrast, the elements are confusing. (The criminal complaint, as typical for the genre, doesn’t explain how the law applies to the facts). How did Bollaert willfully obtain personal identifying information? He allegedly ran a UGC website where users could submit photos and personal information structured into standardized categories. It seems like this allegation would equally describe how all UGC websites “willfully” obtain content from their users. The one area where the claim may actually make some sense is the extortion claim -- as that definitely seems questionable. However, once again, this can run into some problems. For example, you can see a perfectly legitimate service that charges some sort of processing fee to take down content that had been previously posted. Merely charging to remove content, by itself, shouldn't be seen as extortion. Hell, we've recently had comment spammers who apparently got punished by Google's search rankings email us about removing the comment spam they were able to sneak through our spam filters. When I mentioned how silly this was on Twitter, many people suggested that we should charge the spammers to remove their spam comments. That actually seems like a reasonable (if amusing) idea. But would that be extortion? Under the claims against Bollaert, it's possible that such an action would be considered the same thing -- but I doubt most people would think the request to spammers would be extortion (not that we've done it either way).
And that leaves this whole case in a tricky spot. Bollaert's site was a problem. What he was doing was despicable in so many ways it's almost difficult to keep track of them all. But, if the case is allowed against him, it's quite possible that very bad precedents will be set that lead to significant problems for tons of legitimate sites. As Goldman notes, however, there's a good chance it will never get this far. Bollaert almost certainly will take a plea deal, and Harris will get yet another headline about how she's protecting the citizens of California, even if her legal theories might undermine its economy -- and many of the sites that people around the globe enjoy.
Permalink | Comments | Email This Story
Here's a general rule of thumb modern businesses: if you're working on giving people what they actually want, that's probably a good thing and bodes well for your business. If, instead, you force them to deal with a bunch of crap they don't want -- and then mock them for suggesting a better product, you're not long for this world.
Permalink | Comments | Email This Story
At the tail end of October, we brought you the story of Verizon's attempt to subvert New York's Freedom of Information Law by releasing hundreds of fully-redacted pages. Information on costs related to the buildout, repair and support of copper lines versus the inferior (and capped) replacement (Voice Link) Verizon was pushing was being sought by consumers who felt (understandably) that the company was overstating its claims in order to abandon copper line customers.
Verizon delivered page after fully-redacted page of "info" on costs, stating that revealing these "trade secrets" would give its competition an unfair advantage. While there is undoubtedly some truth to that claim, the fact is that the company had plenty of other reasons to keep the numbers hidden -- especially if it had been overstating the amount of money it would have to spend to restore copper service to areas knocked out by Hurricane Sandy.
Somewhat surprisingly, the New York Public Service Commission has sided with those seeking the information. Last Wednesday, the New York Public Service Commission ordered Verizon to provide the public with un-redacted cost information about providing phone service on Fire Island, New York. The directive denied Verizon’s request to be exempt from disclosing cost documents…
Consumer advocates complained Verizon was simply hiding the fact they were looking to get rid of those users anyway in order to focus on more profitable wireless service, and that Sandy itself was a red herring. Verizon ultimately dropped the request amid protests and said FiOS would be run to Fire Island after all. The commission addressed Verizon's "trade secret" claims with this statement. “The information claimed by Verizon to be trade secrets or confidential commercial information does not warrant an exception from disclosure and its request for continued protection from disclosure is denied,” it said in Monday’s ruling.
State officials wrote there “is no present or imminent contract award that could be impaired by the disclosure” and that the state Freedom of Information Law is based on a “premise that the public is vested with an inherent right to know and official secrecy is anathematic to our form of government.” Verizon plans to appeal the decision, which means the cost data will still be locked up while that process is underway. This decision, while a win for those seeking to verify Verizon's "it costs too much" claims, could possibly be exploited by companies who may being seeking competitors' proprietary data via proxy FOI requests. The Commission will need to be wary of the unintended consequences it just set in motion.
As for Verizon's New York customers, they're still not entirely happy with Verizon's earlier capitulation, which saw the provider decide to run FIOS to Fire Island rather than force customers into a shoddy wireless service with voice and data caps. Even with FIOS, Verizon is still failing to provide reliable phone service, something they say the law requires it to provide. Unlike copper lines, FIOS may not work during power outages.
Verizon (along with AT&T) has made little secret of its desire to ditch copper lines and move its customers towards higher margin wireless services. If Verizon is ultimately forced to turn over cost data to the public, it could make for some very interesting reading.
Permalink | Comments | Email This Story
De adviseur van het Europees Hof van Justitie concludeerde vandaag dat de huidige verplichte opslag van gedragsgegevens in strijd is met het Europees Handvest van de Grondrechten van de Europese Unie. Helaas houdt de adviseur tegelijkertijd de deur open voor massale opslag van gedragsgegevens onder striktere voorwaarden.
Zoals we hier al vaker schreven: op grond van de Europese Bewaarplichtrichtlijn wordt een half jaar tot een jaar lang gevoelige gegevens opgeslagen van iedere Nederlander, zoals waar je bent, met wie je belt, met wie je emailt, etc. Wij stellen al langer dat dit deze ongerichte surveillance in strijd is met het grondrecht op privacy.
Uit de opinie blijkt dat Advocaat-Generaal Cruz Villalón vindt dat de richtlijn onvoldoende scherp afgebakend is: het is niet duidelijk onder welke voorwaarden de overheid toegang kan krijgen tot de gegevens. Daarnaast worden de gegevens te lang opgeslagen: een opslagduur van twee jaar vindt hij niet proportioneel. Dat is een belangrijke overwinning voor Bits of Freedom, die al jaren strijdt tegen de massale opslag van gedragsgegevens.
De adviseur wijdt ook een paar overwegingen aan de vraag of deze ongerichte opslag in een bepaalde vorm toelaatbaar zou zijn. Helaas wekt hij de indruk dat dit bepaalde voorwaarden wél acceptabel kan zijn. Dat is maar de vraag.
Dit advies is overigens niet meer dan dat: een niet-bindend advies. De rechters van het Europees Hof zullen mede op basis van dit advies antwoord geven op de vragen die de hoogste rechters van Oostenrijk en Ierland over dit onderwerp hebben gesteld. De mening van Cruz Villalón betekent dus niet automatisch een herziening of zelfs afschaffing van de bewaarplicht. Daar is veel meer voor nodig.
Three campaign groups -- Big Brother Watch, the Open Rights Group and English PEN -- together with the German internet activist Constanze Kurz, have filed papers at the European court of human rights alleging that the collection of vast amounts of data, including the content of emails and social media messages, by Britain's spy agencies is illegal. More recently, Amnesty International also brought a case against the UK government: The human rights group Amnesty International has announced it is taking legal action against the UK government over concerns its communications have been illegally accessed by UK intelligence services.
In the latest of a series of legal challenges sparked by the revelations based on documents released by the whistleblower Edward Snowden, Amnesty said it was "highly likely" its emails and phone calls have been intercepted. Specifically: It has issued a claim at the Investigatory Powers Tribunal (IPT) arguing that the interception of its communications would be in breach of article 8 (right to privacy) and article 10 (right to freedom of expression) of the Human Rights Act. The IPT reviews complaints about the UK's secret services, but is largely toothless. The same is true of the European Court of Human Rights: a win there would be welcome, but largely symbolic, since the UK government would probably ignore it as it has other such judgments from this court. That's what makes the third legal challenge different: A British citizen's UK court action will test the legal right of Microsoft to disclose private data on UK citizens to the US electronic spying organisation, the National Security Agency (NSA).
The case will shine a light on the legality of top secret US court orders which require US technology companies to disclose details of foreign users' private communications.
Kevin Cahill, a British journalist, has brought the case in the Lord Mayor's and City of London County Court. The case centres on Cahill's belief that Microsoft breached the security of his email account.
Cahill argues that, by obeying orders that are legally binding only in the United States, Microsoft has contravened British law -- the Data Protection Act in particular. The Computer Weekly report quoted above explains that the legal action is against three of the companies involved in the NSA spying: Microsoft, Google and Facebook. Cahill wants the court to compel them to reveal the orders made under the US Foreign Intelligence Surveillance Act (FISA), and to pay him damages of around $1600 (each, presumably.)
As the UK human rights lawyer Geoffrey Robertson is quoted as saying, if successful, this case could have far-reaching consequences not just for Microsoft, Google and Facebook, but for any US company that aids the NSA in this way: "Microsoft allegedly betrayed its customers by providing their personal information, without their consent, to the NSA," said Robertson.
"This would constitute a serious breach of the British Data Protection Act, by an American company putting its allegiance to America above its legal duties to its British customers." Naturally, that would place the US companies concerned in a difficult position: forced by US law to disclose information to the NSA, but liable to pay compensation to millions of aggrieved UK citizens for contravening the country's Data Protection Act. And that's why the case is so important: once companies start getting hit with fines in the UK, and perhaps elsewhere in Europe too, they might start pressing the US government even harder to rein in the NSA's activities.
Permalink | Comments | Email This Story