Hoe kan Big Data gebruikt worden voor een effectiever veiligheidsbeleid zonder dat daarbij de privacywaarborgen verloren gaan? Hoe kunnen we straks genieten van de voordelen zonder de nadelen te ervaren? Vragen die ons bezighouden, en vragen die de regering stelde aan de Wetenschappelijke Raad voor het Regeringsbeleid (WRR). Hier volgen de belangrijkste conclusies en aanbevelingen van de WRR.
Wat is Big Data eigenlijk?
Het rapport Big data in een vrije en veilige samenleving van de WRR geeft geen definitie van Big Data maar beschrijft een drietal hoofdkenmerken om duidelijk te maken waar het bij Big Data om gaat:
- Data: het gaat om grote hoeveelheden gestructureerde en ongestructureerde data uit verschillende bronnen.
- Analyse: de analyse is ‘data-driven’ en zoekt geautomatiseerd naar correlaties. De grootste potentie wordt verwacht van realtime en voorspellende analyses.
- Gebruik: de analyses moeten leiden to ‘actionable knowledge’ (ingrepen in de realiteit op basis van bestandsanalyses.
Dit zijn meteen ook de drie fasen van een standaard Big Data toepassing: eerst gegevens verzamelen, ze vervolgens analyseren en er dan iets zinnigs mee proberen te doen.
Wordt Big Data al gebruikt in het veiligheidsdomein?
De Raad heeft zeven verschillende cases van datagebruik binnen het veiligheidsdomein goed bekeken. Van het Criminaliteits Anticipatie Systeem (CAS) van de Amsterdamse politie (vorig jaar nog goed voor een Big Brother Award) tot de Infobox Crimineel Onverklaarbaar Vermogen, en van de analysetechnieken van de Belastingdienst (zie ook dit stuk van Maurits Martijn) tot aan het controversiële Systeem Risico Indicatie (SYRI). Ook Smart Borders en Smart Cities komen natuurlijk aan bod.
De auteurs merken op dat in die cases Big Data vaak nog maar een beperkte rol speelt. Er wordt bijvoorbeeld nog amper gebruik gemaakt van datagestuurde analyses en in plaats van effectievere opsporing gaat het vaak gewoon om automatisering waardoor standaard processen goedkoper gedaan kunnen worden. Wel wordt er al verschrikkelijk veel data aan elkaar gekoppeld.
Is Big Data wel effectief?
De potentiële voordelen van Big Data liggen volgens het rapport op het gebied van efficiëntie, het terugkijken in de geschiedenis, het real-time analyseren en op het voorspellen van misdaad.
Daar staan een aantal potentiële problemen tegenover. De analyse van data is volgens de Raad bijvoorbeeld nooit neutraal omdat het theoretisch kader altijd vooronderstellingen bevat. Verder kun je uit correlatie geen causaliteit afleiden en ontkom je er niet aan dat er in Big Data-analyses altijd fouten zullen zitten. En als je gaat zoeken in grote hoeveelheden data vind je altijd wel correlaties, maar of die ook betekenisvol zijn weet je niet.
Omdat Big Data gebaseerd is op patroonherkenning in grote hoeveelheden data is het eigenlijk alleen maar geschikt voor veiligheidsvraagstukken die een regelmatig karakter hebben. Als een vraagstuk heel weinig voorkomt (denk aan terreur) dan is er onvoldoende materiaal beschikbaar om een betekenisvol patroon te ontdekken. Het rapport is daarmee (impliciet) bijzonder kritisch over de te verwachten effectiviteit van de plannen van Plasterk voor een sleepnet voor de geheime diensten:
“Datamining – de voor Big Data kenmerkende analysevorm – is niet voor alle vormen van misdaadbestrijding even geschikt. Datamining is voor het voorkomen van terroristische aanslagen waarschijnlijk een ineffectieve methode. Patroonherkenning werkt het beste bij overtredingen die een vast en terugkerend patroon laten zien. Omdat elke terroristische aanslag uniek is, is het nagenoeg onmogelijk om een goed profiel te maken. In combinatie met een gering aantal aanslagen levert dit te hoge foutpercentages op.”
Wat zijn de risico’s van Big Data?
De WRR staat ook stil bij de grote risico’s van het gebruik van Big Data. Zo leiden data-gedreven oplossingen altijd tot social sorting en liggen daarbij discriminatie en profilering op de loer. Het is bijna per definitie onmogelijk om privacy en Big Data met elkaar te rijmen. Het gaat bij Big Data vaak om miljoenen kleine individuele privacyschendingen (zo klein dat mensen zelden naar de rechter stappen) die samen, bij elkaar opgeteld, wel degelijk een grote schending zijn. Verder is er altijd een kans op function creep: het inzetten van de data of methodologie van één succesvol Big Data project in een ander project met een andere context. Ook is er het gevaar van een chilling effect (met alle negatieve gevolgen voor de democratie van dien) als mensen zich anders gaan gedragen doordat de overheid private data voor veiligheidsdoeleinden gaat gebruiken. Tot slot uiten de auteurs hun zorgen over de informatieongelijkheid die in de hand wordt gewerkt door Big Data. Ze benoemen daarbij de transparantieparadox: het feit dat burgers steeds transparanter worden voor de overheid en bedrijfsleven, terwijl deze organisaties in de manier waarop ze de data in hun analyses gebruiken niet open zijn naar burgers.
Een horizonbepaling, beter toezicht en de menselijke maat
Big Data is volgens de Raad niet meer te stoppen. We moeten dus nadenken over hoe we de risico’s kunnen inperken. Het rapport komt daarvoor met een aantal aanbevelingen. Zo zou er rondom het gebruik van Big Data een wettelijk te omschrijven zorgplicht moeten gaan gelden en moeten Big Data projecten door een externe toezichthouder worden ge-reviewed waarbij die toezichthouder ook meteen moet controleren of aan de zorgplicht wordt voldaan. Daarnaast moeten grote dataverwerkingsprojecten binnen de overheid (en in het veiligheidsdomein) een horizon van 3 tot 5 jaar krijgen: als het project niet blijkt te werken, dan moet het weer worden opgedoekt. Ook wordt er aanbevolen om geautomiseerde beslissingen (“computer says no“) te beperken en juridisch vast te leggen dat de verantwoordelijkheid voor de juistheid van een Big Data-beslissing bij de gegevensverwerker blijft. De overheid mag de computer of het algoritme dus niet de baas maken of de schuld geven.
Reguleren we het verzamelen of het gebruik van data?
Volgens de auteurs van het rapport is hun belangrijkste conclusie dat de focus van de huidige wet- en regelgeving op de fase van het verzamelen van gegevens in het Big-Data tijdperk niet meer volstaat. Hun voornaamste aanbeveling is dan ook om het regulerend kader te verbreden van het verzamelen van gegevens naar de regulering van de analyse en het gebruik van de gegevens.
Hoewel wij het een goed idee vinden om de analyse en het gebruik van data beter te reguleren vinden we dat dit niet ten koste mag gaan van het reguleren van het verzamelen van de data. Anders gezegd: het beperken van hoe data gebruikt mag worden kan wat ons betreft niet als oplossing dienen voor het fundamentele probleem dat Big Data heel slecht te verenigen is met fundamentele uitgangspunten van (Europese) privacywetgeving zoals doelbinding.
In een artikel in de verkenning Exploring the Boundaries of Big Data, die tegelijkertijd met het rapport is uitgekomen, schrijft Joris van Hoboken (naast academicus ook voorzitter van Bits of Freedom) over deze spanning:
The most productive way to address this tension would be to see use-based regulation not as an alternative to regulation of collection, but as a complimentary regulatory strategy that can help address some of the new challenges to privacy inherent in the possibilities of large-scale data analytics.
Naar onze smaak hebben de auteurs van het rapport te weinig naar deze suggestie geluisterd en blijven ze te ambivalent over dit punt. Zo staat er in de factsheet met aanbevelingen dat “de aandacht moet worden verlegd van het reguleren van het verzamelen van data [..] naar de regulering van [..] de fases van de analyse en het gebruik van Big Data.” Die aandacht verleggen lijkt ons geen goed idee, juist niet binnen het veiligheidsdomein. Het is essentieel om zowel het gebruik als het verzamelen te reguleren.
Verder praten met de minister
Toen wij de net aangetreden minister van Veiligheid en Justitie naar een visie op privacy vroegen kregen wij van hem de verzekering dat hij ons (en de rest van de ‘Privacycoalitie’) daarbij zou betrekken. In zijn toespraak bij het in ontvangst nemen van het rapport deed hij deze belofte nogmaals. Wij kijken er dus naar uit om betrokken te worden.
Op de website van de WRR vind je meer informatie. Je kunt een aantal zaken ook direct als PDF downloaden: de factsheet met aanbevelingen, de samenvatting, het volledige rapport en tot slot de bijbehorende wetenschappelijke verkenning.
Wat vind jij?
Bits of Freedom vind het goed om te lezen dat de wetenschappelijke adviseurs van de regering zo kritisch zijn op de rol van big data in een vrije en veilige samenleving. Wat vind jij? Kan Big Data ons helpen bij een effectievere opsporing zonder dat dit ten koste gaat van privacy? En wat vind je van de discussie over verzamelen versus gebruik? Laat het ons en de WRR weten.
We're going to have to keep hammering this home until more people get it: trademark law is about preventing confusion in the marketplace. The reason why that needs to be understood is that just about every time you read a story about one entity going after another over a trademark issue, the refrain of "we must protect our trademarks or we lose them" is trotted out like some kind of bower card that trumps the rest of the discussion. That excuse is just that: an excuse. And it certainly doesn't lift from those that use it the burden of being called trademark bullies.
Here to show us all an example of this kind of bullying is Vice Media, which decided to fire off a cease and desist letter to ViceVersa, a barely-making-it punk band. Vice Media, a company valued at $2.5 billion whose CEO once spent $300,000 on dinner, wants ViceVersa, an unsigned Los Angeles indie band whose members are struggling to pay rent, to change its name — or else.
In a cease-and-desist letter sent to the band, a copy of which was obtained by The Huffington Post, the media behemoth says the three-piece rock outfit’s name and logo both sound and look too similar to Vice’s own name and logo. The band, the letter argues, is “infringing on the exclusive rights held by Vice Media in the VICE® Mark” and is “likely to confuse consumers as to the source of services offered under [ViceVersa’s] mark, and wrongly implies that Vice Media sponsors, endorses or is otherwise affiliated with [ViceVersa].” There's enough gall here on the part of Vice Media to make this funny in a sad kind of way. Now, to be fair, Vice Media does indeed operate Vice Music, a label which has released records with some very big names in the music industry. It also owns a ton of other media outlets, such as magazines, book publishers, films and digital television. And it claims to own the rights to the word "vice" in basically any permutation or word combination for all of those markets. That isn't actually true, of course, but that doesn't keep a behemoth from trying to stomp on a little punk band.
I'll note that the threat letter arrived just after the USPTO approved the band's request to trademark its name, ViceVersa. Not that we should take the USPTO's opinion on whether a mark is valid as gospel, certainly, but I daresay that Vice Media isn't exactly an unknown around the USPTO offices, yet it approved ViceVersa's trademark. Which is when the threat letter arrived, seriously suggesting that ViceVersa was infringing on its trademark for "commercial profit and gain, to the great detriment of Vice Media."
Below you can see a video released by the band that is about to bring one of the media giants of this world to its knees.
Those do indeed look like dangerous folk, I guess. Now, Vice Media hasn't yet trotted out the aforementioned excuse that it must protect its trademark or else lose it, but it will if asked. That's what these companies do. And it's common. Harry Finkel, ViceVersa’s attorney, says these kind of cease-and-desist letters are common. “You have a big company that is overzealous in protecting its mark,” he said.
Finkel says he wrote a letter back to Vice offering to change some of the language in Morales’ trademark application, so that it was clear that the band “would not be doing anything with TV shows or magazine publishing or publishing in general” that could be seen as encroaching on Vice’s territory. He says he never heard back from the company. Instead, Vice in March filed a letter of opposition to the Trademark Trial and Appeal Board, asking that ViceVersa’s trademark application be denied. Nope, they're not talking to you, sir. Parley is part of the pirate's code, after all. Honorable folks like Vice Media would never engage in conversation in order to stop bullying a punk band in California. Vice Media has a history of doing this kind of thing, of course, but hopefully the USPTO smacks this opposition down tout de suite.
Permalink | Comments | Email This Story
- A Guinness World Record for the "Farthest hoverboard flight" has been set by Franky Zapata at a distance of 2,252 meters (7,388 feet). Zapata rode a Flyboard Air, developed by Zapata's own company, and he set the record at an altitude of about 150 feet in the air -- although the aircraft can reach a maximum altitude of 10,000 feet (and a maximum speed of 93 mph). [url]
- ArcaSpace's ArcaBoard is a hovering platform that produces 430 pounds of thrust from 36 electric fans that can lift a person about a foot off the ground. It's a bit pricey at just under $20,000 -- but it works over nearly any surface, including water (unlike the Back To The Future hoverboards or hoverboards that rely on some kind of magnetic levitation tricks). [url]
- Colin Furze has constructed a homemade hoverbike in his garage, and it kinda works. There's no steering or brakes, but it does hover in place for a bit before drifting off in whichever direction the rider leans toward. (We've previously pointed out a slightly better design called the F-bike of a similar concept, using multicopters.) [url]
Permalink | Comments | Email This Story
Defense Department Screws Over FOIA Requester Repeatedly, Blames Him For 'Breaking' The FOIA Process
The FOIA system is broken. The administration pays lip service to transparency while aggressively deploying exemptions. Agencies routinely complain about FOIA response budgets and staffing levels, yet no one seems motivated to fix this perennial issue. FOIA reform efforts moving forward with bipartisan support are repeatedly killed after receiving pushback from the White House.
Then there's this: a single requester is being blamed for a backlog of FOIA requests at an agency that's never underfunded -- the Department of Defense.
According to its "Chief Freedom of Information Act Officer Report," Nick Turse is the US citizen who has managed to bring the slowly-moving DoD FOIA machinery to a complete halt. The report, for instance, laments that “despite their best efforts to provide helpful details, great customer service and efficient responses,” some DOD components were “still overwhelmed by one or two requesters who try to monopolize the system by filing a large number of requests or submitting disparate requests in groups which require a great deal of administrative time to adjudicate.” The study went on to call out:
"[o]ne particular requester [who] singlehandedly filed three requests with SOUTHCOM [U.S. Southern Command], 53 requests with AFRICOM, 35 requests with SOCOM [Special Operations Command] and 217 requests with OSD/JS [Office of the Secretary of Defense/ Joint Staff] for a total of 308 cases this fiscal year alone. For AFRICOM, this represents 43 percent of their entire incoming requests for the year and 12 percent for SOCOM. This requester holds over 13 percent of the currently open and pending requests with OSD/JS and over the past two years has filed 415 initial requests and 54 appeals with this one component." If this seems like a lot of requests from one person, it isn't. This is the way the system works. Agencies routinely delay responses (Turse has been waiting more than four years for responses to some of his FOIA requests) when not redacting them to uselessness, forcing requesters to make multiple requests for the same information or related documents, in hopes of actually receiving some information in response to their information requests.
The percentages may seem high, but AFRICOM isn't exactly a popular FOIA target. This focus relates to Turse's ongoing investigative reporting on abusive behavior by US soldiers stationed at bases in Africa. What he has managed to uncover so far isn't pretty, and his reporting on it has won him no friends in the Pentagon. I made, for instance, a couple hundred attempts to contact the command for information, comment, and clarification while working on an article about criminal acts and untoward behavior by U.S. troops in Africa — sexual assaults, the shooting of an officer by an enlisted man, drug use, sex with prostitutes, a bar crawl that ended in six deaths. Dozens of phone calls to public affairs personnel went unanswered, countless email requests were ignored.
At one point, I called [DoD Chief of Media Engagement Benjamin] Benson, the AFRICOM media chief, 32 times on a single business day from a phone line that identified me by name. He never picked up. I then placed a call from another number so that my identity would be concealed. He answered on the second ring. Once I identified myself, he claimed the connection was bad and the line went dead.
Today, when I write to the current AFRICOM public affairs chief, Lt. Cmdr. Anthony Falvo, I receive similar treatment. I often get a return receipt back that tells me my email to him “was deleted without being read.” This happened to me, for example, on Thursday, September 10, 2015; Friday, October 2, 2015; Tuesday, October 6, 2015; Thursday, November 5, 2015; Friday, November 27, 2015; Wednesday, February 10, 2016 … you get the picture. That the DoD finds itself swamped by Turse's requests is its own fault. Had it simply returned the requested documents in a timely fashion, it would not have this Turse-centric backlog to complain about. Now, it's using an official report to portray the FOIA process as unnecessarily burdensome on the government and prone to abuse by tenacious citizens. This portrayal is not only false, but it obscures the fact that the DoD still controls every interaction with FOIA requesters. It has held Turse at arms length for several years and now it won't even answer his emails and phone calls regarding requests it has yet to answer. But in its report, it complains that it's Turse that has broken the system, rather than this being the FOIA system's natural state: that it only works as well as responding agencies want it to.
Permalink | Comments | Email This Story
Lawsuit: CBP Took $240,000 From Man And Refused To Respond To His Forfeiture Challenge Until It Had Already Processed It
Looks like someone might be getting their money back after CBP agents -- operating a great distance from the US borders -- seized $240,000 from a man traveling through Indiana. While driving along I-70 outside of Indianapolis last November, Najeh Muhana was pulled over for not signalling a lane change. That's when things got weird and a bit unconstitutional.
According to his filing for return of his money, Muhana's vehicle was searched "without consent, warrant or probable cause." The Hancock County Sheriff's Department officers even brought a drug dog to the scene, but failed to uncover any contraband. The $240,000 Muhana was carrying caught their eye, though.
Muhana (correctly) intuited the officers wanted to take his money. So he told them he had just been talking to the person the money was owed to. This story, which was untrue, seemed to upset the officers, who spent the next hour discussing something presumably related to how they could take the cash from Muhana -- because that is exactly what they eventually did.
This decision was made when CBP agent Scott Thompson -- operating roughly 250 miles from the nearest border -- arrived on the scene. Thompson took the money and gave Muhana a "receipt for property." Muhana, whose native language is Arabic, took this to mean the money would be returned when the CBP finished its investigation into whatever it was it thought was going on here.
Shortly after that, the Sheriff's Department took Muhana into custody based on a traffic stop that had occurred four months earlier in another state. Details on that arrest suggest Muhana may have been involved in selling unlicensed cigarettes. Najeh Muhana, 39, St. Louis, was preliminarily charged with possession of untaxed cigarettes, according to a Henry County Jail List.
Muhana’s charges stem from an incident that initially began on I-70 in July when members of the Pro Active Criminal Enforcement Team pulled over his rental van for unsafe lane movement. Blankets covered the cargo area and police confiscated 2,400 cartons of Newport cigarettes, valued at more than $147,000, and 650 cans of infant formula, valued at $10,500.
The cigarettes had a Missouri tax stamp, said Major Jay Davis of the Henry County Sheriff’s Department, noting that in Indiana, it is illegal to possess such items without an Indiana tax stamp. During this stop -- which occurred in November -- officers uncovered nothing more than cash. They may have believed the two were related, but they never bothered connecting the dots for the benefit of Muhana, much less used it as a basis for the cash seizure.
In fact, all the involved agencies did was pass the buck -- along with Muhana's bucks -- whenever he sought information on how to work towards the return of his money. The filing details multiple attempts to obtain any confirmation on the forfeiture, or who he should speak to in order to get the process underway. Further, there's no record that Muhana was ever notified of the CBP's intent to pursue forfeiture -- nothing beyond the mysterious "receipt for property" the CBP agent gave him.
Muhana began making inquiries a few weeks after the money was taken, beginning in December 2015. In January, CBP agent Scott Thompson told him the case had been turned over to the CBP's Ohio office. The following Kafka-esque chain of events is directly from the filing. On or before January 19, 2016, Mr. Muhana's counsel contacted Eartha Graham, Paralegal Specialist, U.S. Customs and Border Protection in Middleburg, Ohio regarding the status of the Currency.
On January 19, 2016, Ms. Graham responded via email to counsel, stating, "I will need something in writing preferably on company letterhead stating you are representing Mr. Muhana asap."
On January 20, 2016, counsel followed up with a facsimile to Ms. Graham, in writing,
In response to your email to me yesterday, this will confirm that I represent Najeh Mulhana relating to the seizure of three (3) bags of currency by the US. Customs Service on or about November 6, 2015, in Indiana. The seizing officer was Special Agent Thompson. Mr. Muhana is requesting return of the money.
On January 26, 2016, counsel again contacted Ms. Graham related to the Currency, asking, "Will the agency be sending me some notification regarding its intentions relating to the seized money?" She responded, "Yes, we will be sending something out soon."
On February 1, 2016, Ms. Graham followed up again with an email to counsel stating, "I just received word from our counsel to request a written statement sign (sic) by Mr. Muhana, stating you will be representing him for currency case." The same day, Mr. Muhana's counsel sent Ms. Graham an email with a copy of the law firm's engagement letter attached.
On February 8, 2016, counsel received a letter from Tessie Douglas, FP&F Officer, US. Customs and Border Protection, Middleburg, Ohio, dated February 4, 2016. In the letter Ms. Douglas stated,
This is with reference to your inquiry on behalf of your client Mr. Najehm Muhana, about the currency that was seized on November 6, 2015.
The circumstances of this case have been reviewed. It has been determined that since your client waived his rights to the currency by signing the abandonment form, he cannot make claims on the currency. The forfeiture process was completed on February 1, 2016. The next day, Muhana's lawyer wrote back, pointing out several things. First, he had received nothing in the way of a signed waiver by Mr. Muhana indicating his relinquishment of ownership. Furthermore, even if Muhana had signed something of that sort during the arrest, he is unable to read or write in English and may not have known what he was signing. In addition, even if such a signed waiver exists, there's nothing forbidding Muhana from attempting to correct his mistake during the time between the seizure and its finalization. Muhana's attorney demanded the CBP provide him with a copy of the supposed waiver.
A reasonable request, one would think, especially when a quarter of a million dollars was on the line. But guess what? The CBP doesn't turn over that sort of paperwork to people it's taking money from. It will only turn that paperwork over to anyone who asks for it using a completely unrelated process. And that's only if it decides it isn't covered by multiple investigation-related exemptions. Behold: your tax dollars at work, giving you the finger over its cubicle wall. There was no response until March 7, 2016. This time, counsel received an email from Rose Parks, Paralegal Specialist, U.S. Customs and Border Protection, Cleveland, which stated as follows:
The subject-referenced case has been re-assigned to me, as Ms. Graham has left our department. Per my supervisors, we do not provide copies of abandonment forms. To obtain a copy of the form, you would need to file a FOIA request. Muhana's lawyer fired right back, hoping to find someone willing to provide more info on the up-to-this-point nonexistent waiver. Ms. Parks:
Thank you for your message. Please confirm that the Agency has referred this matter to the US Attorneys' Office per my prior email for determination regarding forfeiture. Again, my client is making claim to the money. I understood from my conversations with Ms. Graham that the case had been re-assigned to the US Attorney for that purpose. If I have misunderstood her, please let me know immediately. Nothing there for Mr. Muhana either. Ms. Parks then stated as follows in her follow-up response: "The currency has been forfeited and the case is closed. No referral is being made." The money is gone, apparently, after having skipped some necessary intermediate steps. As the filing points out, the government must notify involved parties of the intent to pursue a forfeiture. This is to give people like Najeh Muhana a very slim window in which to raise a challenge. Muhana's lawyer says that -- contrary to the law -- he was never given written notice of the agency's intentions.
The agency claims (sort of) that it had no obligation to do so because Muhana had disclaimed his ownership of it. But the chain of communications clearly show Muhana had both claimed ownership and was interested in pursuing its recovery. The agent directly involved with the seizure was made aware of this in December 2015, less than a month after the funds were taken. The agency itself was notified in writing of Muhana's intent to challenge in January 2016 -- well before the agency's February 1st declaration that the money had been forfeited.
As Muhana's lawyer points out, this is clearly bullshit. Here, the Agency knew that Mr. Muhana was claiming to be the owner of the Currency through the repeated inquiries of his counsel. Rather than acknowledge those inquiries and respond to them, the Agency delayed any response until after February 1, 2016, when it unilaterally declared a forfeiture of the Currency. Thus, despite actual knowledge that Mr. Muhana was the owner of the Currency, the Agency refused to provide written notice to him about the Currency being seized and the Agency's intention to declare a forfeiture. Given what's detailed here, it strongly appears as though the CBP processed a forfeiture while skipping past all the due process niceties. If so, Muhana is likely to not only prevail, but "strongly prevail" in his claim against the agency, which means it will not only have to give him back his $240,000 but pay his legal fees as well.
Permalink | Comments | Email This Story
As part of our funding campaign for our coverage of encryption, we reached out to some companies that care about these issues to ask them to show their support. Today, we're taking a look back at a series of four posts sponsored by Golden Frog, a company dedicated to online privacy, security and freedom.
California's Anti-Encryption Bill: At the beginning of April, we called attention to a bill in California that had gone from bad to worse. Originally a ban on smartphone encryption, it was tinkered with until it became a requirement for encryption backdoors, which could have forced manufacturers to create special California versions of their products with weakened security. Though obviously not as high-profile or as far-reaching as the Burr/Feinstein encryption bill in Senate, it was ultimately the same thing: a wrongheaded attack on device security framed as a necessity for law enforcement, despite that being a very unconvincing notion.
Thankfully, California lawmakers seem to have come to their senses on this one. The bill died without a vote a week later, after the Assembly Committee on Privacy and Consumer Protection realized what a terrible idea it was.
From the Golden Frog Blog: We Agree With Apple — We Can’t Set The Precedent Of An iPhone "Backdoor"
A Scary Thought Experiment About The NSA: A few weeks ago, Glyn Moody called our attention to a fantastic (if somewhat disturbing) presentation from 2014, breaking down some ways the NSA could infiltrate our digital networks at the most basic and undetectable level. This notion remains hypothetical but all-too-conceivable, especially when there have been plenty of examples of companies cooperating with the government and the intelligence community without being tricked into doing so.
From the Golden Frog Blog: AT&T, Shame on You for Helping the NSA Spy on Us
The USTR Comes (Partly) To Its Senses: The USTR's history with internet policy and digital innovation has always been, to put it mildly, discouraging. So we were surprised to see a change of tune in this year's National Trade Estimate report, which called out internet censorship in China and Pakistan as serious barriers to innovation and free expression, and even pointed out the myriad dangers of the EU's Digital Single Market strategy and the problems with a "Google tax". This is still far from a total about-face for the USTR, with the very same report managing to contradict itself when it came to intellectual property issues — but it's a very welcome step in the right direction.
From the Golden Frog Blog: EU Reforms Data Protection and Privacy Rules in Huge Overhaul
Snowden's Positive Impact On Encryption Adoption: National Intelligence Director James Clapper thought he was decrying Edward Snowden when he pointed out that his actions massively accelerated the adoption of encryption technology, shaving years off the NSA's estimated timeline — but those of us who value data security and internet freedom had a different takeaway, and considered it yet another example of the good Snowden's revelations have done. The whole thing really highlighted the mismatched priorities and values between the intelligence community and the American public (as if that needed any more highlighting).
From the Golden Frog Blog: Encryption Fundamentals: What Everyone Should Know
We'd like to thank Golden Frog for supporting our coverage of these critical issues relating to security, privacy and encryption. As you've likely noticed, their blog is full of great content that also explores these topics. In addition to the links we've featured so far, here are some more posts that may be of interest to Techdirt readers:
Privacy & Security on the Golden Frog Blog:
- No Encryption Backdoors: Why the Government is Wrong
- I Am Anonymous When I Use a VPN — 10 Myths Debunked
- Is Your Privacy Provider Trustworthy?
- What Social Media Sites are Blocked Around the World?
- Public Wi-Fi: Think Before You Connect
VyprVPN from Golden Frog is the world's fastest highly-secure VPN.
Get 25% off VyprVPN now »
Permalink | Comments | Email This Story
By now, most people are aware that Facebook advertisements can be quite targeted in nature, whether by age, gender, or location. Most people also are aware of the level of spending by politicians and government for Facebook ads to get their messages out to their targeted audience. But just how targeted can Facebook ads be in the service of politicians? Well, for that we turn to the story of Lisa Murkowski, Senator from Alaska, and her attempt to get a road built between two towns in her state.
Alaska Senator Lisa Murkowski has been trying for years to convince the Interior Department to allow Alaska to build a 11-mile road through a wildlife refuge to make two remote towns in the state more easily accessible. But the Interior Department has balked, citing environmental concerns; the area is a habitat for migratory birds. In order to convince Department officials to change their minds, Murkowski recently targeted them—and only them—with a video ad on Facebook.
How did she do this? Well, she produced a video advertisement and bought ads on Facebook that were set to run specifically during lunchtime hours and geo-targeted 1849 C Street, N.W. in Washington D.C.. That address is the building for the Interior Department. That's fairly precise targeting, I think, which is why it's actually quite impressive that the advertisement appeared in the newsfeeds seven-thousand times as it ran and the video had been clicked on well over two-thousand times. But exactly how precise was the geo-location portion of this advertisement?
Well, it depends on how big the building is. A spokesperson from Facebook directed me to a help page explaining how to target people in a specific location (which it can determine from GPS coordinates off their smartphone or, less reliably, from the IP address of their computer). The most granular option is targeting a location with a radius of one kilometer, or a little over half a mile.
So if you were targeting a workplace with a one-mile long campus, like Facebook itself, you could be guaranteed to show an ad only to people in its buildings. But the Department of Interior takes up just one city block. So when Murkowski targeted the Interior Department’s address, she was actually targeting not just that building, but all the people and buildings in a half-mile radius. Which probably led to some very confused people in nearby buildings wondering what the hell this video about a road in Alaska was doing in their newsfeed. This does come off as perhaps a tad unseemly, but I view this kind of targeted advertising less negatively than I do traditional lobbying efforts. And it's not exactly clear whether all of those views had any real effect on the policy-makers, as the Interior Department still opposes the building of the road as of the date of this writing.
Still, it's a brave new world out there for anyone looking to influence policy-makers.
Permalink | Comments | Email This Story
The same thing is happening in Brazil, where ISPs have convinced telecom regulator Anatel it's absolutely necessary to shift from flat-rate pricing to metered usage lest the Internet explodes (it's surely just coincidental that Netflix's popularity is soaring). And, like here in the States, regulators have been more than happy to help repeat broadband industry claims that you need low caps and overage fees because it's just not possible to continue offering unlimited broadband:"...The president of the telecom watchdog Joao Resende told journalists at a press event yesterday that it is unlikely that Anatel will challenge operators, since "not all models can accommodate an unlimited service provision and also because the networks won't be able to cater for everybody." Resende added that operators are guilty for making users think that unlimited service provision would be available indefinitely.The problem is that most consumers and press outlets are perfectly capable of reading earnings reports, and realize that flat-rate broadband has been perfectly sustainable, and that caps and overage fees are really just massive price hikes on uncompetitive markets:"Companies argue that caps are needed to prevent network congestion, but continued investment in infrastructure to cope with forecast demand consistently announced by these same firms in recent years suggest that usage caps really have nothing to do with network congestion issues. In addition, bandwidth costs for telcos largely remain fixed, and despite major growth in their user base, providers such as Vivo are paying less today for raw bandwidth than they were a decade ago. So really, there is no technical or economic justification for a cap."Anatel had been pondering regulation that would have codified this shift toward metered usage, but the unprecedented amount of public backlash appears to have the regulator re-thinking its agenda:"According to Anatel, the decision to let service providers introduce the data limits has now been stalled due to the several complaints that were received, and will remain on hold until the proposals for the new plans have been submitted by operators and analyzed by the watchdog."That doesn't mean Anatel won't ignore consumers anyway, but it does highlight how consumer activism and revolt can at the very least still give telecom regulators pause. Instead of letting ISPs wage war on innovative services with unnecessary usage caps, less beholden regulators have realized their focus should be on improving broadband competition, which in turn improves speeds (Akamai currently ranks Brazil 80th in overall broadband speed) but organically punishes neutrality violators and prevents carriers from being able to pummel captive markets with such glorified rate hikes.
Permalink | Comments | Email This Story
At the end of last year, Mike wrote about an attempt to keep the Diary of Anne Frank out of the public domain by adding her father's name as a co-author. As Techdirt wrote at the time, that seemed to be a pretty clear abuse of the copyright system. But it also offered a dangerous precedent, which has just turned up again in a complicated case involving the French composer Maurice Ravel, and his most famous composition, the hypnotically repetitive ballet score "Bolero."
Ravel died on December 28, 1937, so you might expect the score to have entered the public domain in 2008, since EU copyright generally lasts 70 years after the death of a creator. But by a quirk of French law, an extra eight years and 120 days is added for musical works published between January 1, 1921, and December 31, 1947 (on account of the Second World War, apparently). Ravel's Bolero first appeared in 1922, and therefore receives the extra years of copyright, which means that according to French law, it entered the public domain on May 1 this year.
But Bolero has a big problem -- actually, a $57 million problem, which is the amount the work is estimated to have generated in royalties since 1960. Naturally, the owners of the copyright were keen to continue receiving that nice flow of money for doing precisely nothing. So they came up with an idea: add a co-author, which would, as with the Diary of Anne Frank case, conveniently extend the copyright, in this case by another 20 years (original in French.)
Fortunately, the French Society of Authors, Composers and Publishers of Music (SACEM), which handles these matters, has decided that adding a co-author was not justified, and that Bolero should indeed enter the public domain (original in French). As a result, you can find the score and performances of Bolero freely available on Wikimedia Commons and elsewhere.
This episode is even more outrageous than it seems, because of who exactly was trying to get the copyright extended. As Yahoo News explains:
Ravel died unmarried and childless in 1937.
His only heir was his brother Edouard, who died in 1960, unleashing a bitter and complex legal battle over the rights which at times has involved Edouard's nurse and her husband, great-nephews and even a legal director of SACEM. So the connection of the copyright holders with Ravel was in any case extremely tenuous. Credit to SACEM for rejecting -- unanimously -- the attempt to use the co-author trick. Sadly, this is unlikely to be the last time we see it deployed given the limitless sense of entitlement displayed by some copyright holders.
Permalink | Comments | Email This Story
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Permalink | Comments | Email This Story
The proposed Rule 41 changes recently adopted by the US Supreme Court can't go into force fast enough for the FBI. The changes -- if approved by Congress (which needs to do nothing more than literally nothing for this to happen) -- would allow it to hack computers anywhere in the nation by removing jurisdictional restrictions.
Its decision to keep a child porn site up and running in order to deploy a hacking tool to sniff out obscured user information now appears to have been a colossal mistake. The warrant for the search performed by the FBI's NIT was issued in Virginia, but the actual searches took place all over the nation. While the seized server may have been located in the state, the users identified by the NIT were located as far away as the opposite coast. The FBI's decision to ignore jurisdiction limits under Rule 41 is now costing it loads of evidence.
Judges in Massachusetts, Oklahoma and Kansas have found the searches to be illegal because they're based on invalid warrants. The government is now fighting these suppression orders. In Oklahoma, it recently entered its challenge of the court's decision to suppress evidence obtained with the NIT, using an interesting take on Rule 41 that attempts to align it with the infamous All Writs Act -- mainly that Rule 41 should be construed liberally to allow the FBI to do anything Congress hasn't expressly forbidden it to do. Rule 41(b) is meant to be applied flexibly, not rigidly. United States v. Koyomejian, 970 F.2d 536, 542 (9th Cir. 1992). When emerging technologies create a situation in which the specific language of Rule 41 does not explicitly permit a warrant, the Supreme Court has concluded that Rule 41 “is sufficiently flexible to include within its scope electronic intrusions authorized upon a finding of probable cause.” United States v. New York Tel. Co., 434 U.S. 159, 169 (1977). The Supreme Court goes on to explain that a flexible application of Rule 41 is supported by Fed. R. Crim. P. 57(b), which provides in the absence of controlling law, “a judge may regulate practice in any manner consistent with federal law, these rules and the local rules[.]” Just as the DOJ government would prefer we focus on a case that's almost four decades old (1979's Smith v. Maryland) when discussing bulk surveillance, Stingray devices and cell site location info, it wants us to page through late 70s court decisions when discussing the FBI's actions during the last couple of years.
In the middle of its paragraph stating that courts should be granting the FBI much more leeway when it deploys previously-unused investigative techniques, the DOJ slips in a reference to 1977's US v. New York Telephone Company -- the same Supreme Court decision it says justifies its use of the All Writs Act to force Apple to comply with demands to unlock encrypted iPhones.
The problem with the DOJ's argument is that this isn't a case where a warrant isn't "explicitly permitted." Warrants were permitted, but deployment was supposed to be limited to the jurisdiction where they were issued. The DOJ basically wants the court to forget its position as a check against government overreach and validate the FBI's invalid warrants. In doing so, it misleadingly portrays the Supreme Court's statements on the matter by selectively quoting from the decision. The wording surrounding the DOJ's pull quotes only shows the court determining that Rule 41(h) does not restrict warrants to justifying the search and seizure of "tangible items." Although Rule 41 (h) defines property "to include documents, books, papers and any other tangible objects," it does not restrict or purport to exhaustively enumerate all the items which may be seized pursuant to Rule 41. Indeed, we recognized in Katz v. United States, 389 U. S. 347 (1967),which held that telephone conversations were protected by the Fourth Amendment, that Rule 41 is not limited to tangible items but is sufficiently flexible to include within its scope electronic intrusions authorized upon a finding of probable cause. 389 U. S., at 354-356, and n. 16 See also Osborn v. United States, 385 U. S. 323, 329-331 (1966). This obscures the real issue here: Rule 41(b), which currently limits deployment of warrants to the jurisdictions where they were issued.
Going beyond this legal sleight of hand, the DOJ also claims that the entire two-week period it ran the child porn site while it deployed its NIT was fraught with "exigent circumstances." The magistrate judge’s Report and Recommendation rejects the assertion that exigent circumstances would have justified the warrant. The judge’s analysis identifies the underlying exigency as being the “downloading and distribution of child pornography,” exigent “only because the Government opted to keep the Playpen site operating while it employed the NIT.” Doc. 42, p. 27. The exigent circumstances that would have justified the use of the NIT, however, were tied to the on-going rape and abuse of children—as opposed to simply its depiction. Even if you buy the DOJ's argument that a two-week period -- in which warrants were obtained -- is still somehow "exigent," you have to get over the hurdle that exigent circumstances is almost always used to salvage the results of warrantless searches. It can't be used -- or at least hasn't been used until now -- to salvage the warrants themselves. The court here declared the warrant to be "void ab initio," meaning the warrant was never valid at any point.
Circumstances cannot be declared "exigent" if the time exists to obtain warrants. The DOJ's argument here isn't even coherent enough to be circular. It's simply nonsensical. Either the situation is exigent and warrants must be put on the back burner, or circumstances are not exigent and warrants can be obtained. It can't be both things at once, even if it would be oh so convenient for the DOJ if they were.
Exigent circumstances or not, the warrant obtained was invalid. The DOJ is hoping to turn a search with a void warrant into a warrantless search in order to bypass the Rule 41(b) restrictions it argues one paragraph earlier shouldn't prevent it from performing its searches wherever it feels like it.
The worst case scenario, though, is what could happen if everything falls into place for the DOJ. If the jurisdiction limitations are removed with the Rule 41(b) changes, future NIT warrants would be valid and suppression would be nearly impossible. But if the court buys its "exigent circumstances" argument, the FBI may feel more comfortable relying on the exception... and begin deploying its hacking tools anywhere it feels like without ever running it past a judge.
Permalink | Comments | Email This Story
There's apparently no situation legislators can't make worse. Self-driving cars are an inevitability, as are all the attendant concerns about autonomous vehicles roaming the streets unattended, mowing down buses at 2 miles per hour or forcing drivers behind them to obey all relevant traffic laws.
There are fears that people will just stop paying attention to driving, which is weird, because that's one of the few immediate advantages of self-driving vehicles. There are also fears that a robot car is nothing more than a tempting attack target for malicious hackers. There's some truth to this last one, especially as manufacturers have loaded up vehicles with on-board computers but given little thought to properly securing them.
Even so, that's no excuse for the sort of legislation being proposed by two Michigan politicians, which would reward self-driving car hackers with lifetime stays at the nearest prison. Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison. This would be fine if… well, no, actually it's not fine at all. One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.
I can also see how not explicitly targeting hacking of vehicles might become a legal loophole which allows perpetrators to walk away from more serious charges. But this is overkill, especially because the list of violations is far too broadly written. A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE. Basically the bill says all electronic systems created by manufacturers must be sealed black boxes that purchasers, security researchers, hobbyists, and third-party suppliers should never, ever access under the pain of life imprisonment. "Alter" could mean "make things work better," but it still would be treated as a criminal act under this law. Repairs to on-board computers by "non-certified" mechanics could net them charges, especially if something malfunctions down the road. I'm sure this is a perfectly acceptable outcome to the US automakers still cranking out cars in Michigan, that would now have something more than copyright to threaten people with.
The senators claim this is necessary because they want to stay out in front of any technological developments. Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.” You don't "keep up" with technology by treating electronic access to certain systems like some particularly powerful form of witchcraft, only punishable by the most severe sentences. This isn't legislators staying abreast of the latest developments. This is legislators bypassing evidence gathering and stocking up on fear. Because nothing eases the mind of the public more than declaring the autonomous car apocalypse to be upon us, with only this badly written bill standing in the way of death and destruction.
Permalink | Comments | Email This Story
Salut à toutes et à tous !
Voici la newsletter 70 de La Quadrature du Net !Sommaire L'activité de La Quadrature du Net Nuit debout
Depuis le 32 mars (1er avril 2016), des centaines de personnes se rassemblent chaque jour sur la Place de la République, à Paris, pour parler, échanger, réfléchir. La Quadrature du Net a estimé qu'elle y avait une place, pour répondre aux questions et diffuser un petit manuel d'autodéfense numérique dont le succès (7 000 exemplaires distribués !) montre qu'il répond à un vrai besoin collectif de protéger ses communications électroniques.Neutralité du Net
Le Parlement européen a voté en octobre 2015 un règlement sur les télécommunications. Mais ce texte retravaillé à la hâte sous les pressions des gouvernements européens pour mettre fin à des années de négociation, aboutissait dans l'urgence à un consensus mou qui sacrifiait toutes les idées fortes dont la neutralité du Net et qui avaient été adoptées par le Parlement européen en 2014.
Depuis, le BEREC s'est mis au travail. Cet organe qui rassemble les régulateurs européens des télécoms (Sébastien Soriano, de l'ARCEP, représente la France) : il est chargé d'interpréter les conséquences pratiques de ce règlement trop flou. Comme rien ne filtre, plusieurs associations de citoyens européens ont décidé de tirer la sonnette d'alarme.
Le BEREC doit avoir terminé ses travaux pour le 30 août 2016, mais le goupe présentera un premier brouillon début juin, suivi de six semaines de consultation express : ce sera court !
La Quadrature du Net et les autres associations européennes impliquées dans le collectif Save The Internet dénoncent ce court-circuitage et veulent ouvrir le débat public dès aujourd'hui.
Comment ? En lançant dès maintenant une consultation alternative, en ligne : le site Save The Internet est ouvert pour contacter les régulateurs européens, et le site Respect My Net pour recueillir le témoignages sur les violations de la neutralité du Net par vos fournisseurs d'accès à Internet (FAI). Participez dès maintenant !Directive Terrorisme
Par ailleurs, le Parlement européen travaille en ce moment-même sur une directive relative à la lutte contre le terrorisme. Et la France n'est malheureusement pas le seul pays membre qui aimerait transposer au niveau européen sa propre politique sécuritaire nationale. D'après le projet publié en décembre dernier, ça se présente plutôt mal : le texte oublie de se référer à la Charte des droits fondamentaux de l'Union européenne, le blocage des sites internet est à l'ordre du jour, comme en France, et sans l'aval d'un juge, comme en France depuis la Loi Terrorisme de 2014, le chiffrement est présenté comme une entrave aux enquêtes, etc.
La Quadrature recense en détail ces atteintes aux libertés fondamentales : un communiqué dense et assez long, mais très éclairant sur les enjeux et les forces en présence. À lire maintenant sur le site de La Quadrature du Net : https://www.laquadrature.net/fr/directive-europeenne-inquietante-extension-domaine-antiterroristeDonnées personnelles
Le 14 avril, le Parlement européen a adopté trois textes sur les données personnelles.
Un règlement sur la protection des données personnelles, quand des entreprises les utilisent.
Une directive qui accompagne ce règlement : elle encadre le traitement des données personnelles par la police et la justice dans les États membres.
Une directive au sujet du PNR (Passenger Name Record), qui oblige chaque État membre à ficher les passagers des vols internationaux, entre pays de l'UE et pays tiers, et entre pays membres de l'UE.
Par ailleurs, les négociations vont bon train pour la mise en place du Privacy Shield, qui remplacera feu le Safe Harbor, annulé par la Cour de justice de l'Union européenne (CJUE) à l'occasion de la décision Schrems. Cet accord de 2010 devait garantir la protection des données personnelles collectées en Europe par les entreprises américaines. Mais les révélations d'Edward Snowden sur l'étendue de la surveillance pratiquée par les services de renseignement américains avaient montré son peu de valeur.
L'Observatoire des Libertés et du Numérique (OLN), dont la Quadrature fait partie, a publié le 7 avril une lettre ouverte à ce sujet, adressée au G29 et au Parlement européen : le nouveau projet d'accord ne donne pas toutes les garanties demandées par la CJUE, concernant la surveillance de masse, le droit à la suppression des données ou l'existence d'un vrai médiateur indépendant pour relayer aux États-Unis les demandes en provenance de l'Europe.
Que retenir de ces quatre textes ? PNR mis à part, il est grand temps d'aller visiter le site Contrôle tes données afin de prendre en main votre vie numérique !Droit d'auteur
Les éditeurs se plaignent beaucoup de la baisse de leurs revenus dans l'économie numérique, et militent pour la création d'un « droit voisin » au droit d'auteur – similaire a celui que perçoit un interprète, par exemple. Cette piste avait été écartée par le Parlement européen, mais la Commission européenne qui planche sur le sujet a remis l'idée à l'ordre du jour, dans une consultation lancée en mars 2016.
La Quadrature explique pourquoi elle s'y oppose.
Mais les auteurs ne sont pas les seuls à devoir s'inquiéter. Nous sommes tous concernés par les exceptions prévues au droit de panorama, celui qu'on exerce pour l'instant (sans le savoir ?) quand on photographie un bâtiment encore soumis au droit d'auteur. D'après la consultation, ce droit serait désormais restreint quand la photographie est à usage commercial. Mais 'usage commercial a des contours flous. Et une liberté de panorama pleine et entière est nécessaire, d'autant plus qu'elle affecte aussi les images partagées sous licence libre. Le raisonnement détaillé est à lire ici.Lanceurs d'alerte
Si vous suivez les médias et les réseaux sociaux, vous en avez sûrement entendu parler : en plein scandale des Panama Papers, et à quelques jours de l'ouverture au Luxembourg du procès d'Antoine Deltour, le lanceur d'alerte des LuxLeaks, le Parlement européen a voté le 14 avril une directive sur le secret des affaires qui menace gravement le travail des journalistes et les initiatives des syndicats, des salariés et des lanceurs d'alerte.
Deux jours plus tôt, La Quadrature s'associait à une campagne européenne pour la défense de ces droits, vitaux pour la démocratie, et menacés par la défense des intérêts des entreprises privées. Une mise en garde très claire, à lire absolument.Spectre Radio
La directive européenne « relative à l'harmonisation des législations des États membres concernant la mise à disposition sur le marché d'équipements radioélectriques », que nous appellerons donc la directive Radio, doit être transposée par les États membres avant le 12 juin 2016. Mais les critères de conformité qu'elle impose menacent l'utilisation de logiciels libres utilisés par exemple par les associations qui développent des réseaux Internet citoyens sans-fil.
La Quadrature du Net, en partenariat avec APRIL, French Data Network, Fédération FDN et la Free Software Foundation Europe, adresse une lettre ouverte à l'ARCEP et à Bercy (ministère de l'Économie, de l'Industrie et de l'Emploi). Où l'on apprend que suite à une insécurité juridique, une carte wifi exploitée par un logiciel libre pourrait devenir un problème pour les associations qui, aux quatre coins du territoire, développent des réseaux Internet citoyens sans-fil. Alors qu'il travaille à la transposition de ce texte, le gouvernement français doit d'urgence corriger le tir et garantir la liberté d'installation des logiciels libres sur les équipements radios.
- Réforme Pénale : on refait le point sur les dispositions touchant au numérique — NextInpact
- Sans l’aide d’Apple, le FBI décrypte l’iPhone de San Bernardino — Rfi
- L'autocensure des idées minoritaires, conséquence de la surveillance de masse — Le Monde
- Les secrets de « Citizenfour » par sa réalisatrice Laura Poitras — Nouvel Obs
- Le Sénat crée un délit de « consultation habituelle de sites terroristes » — Le Monde
- Terrorisme : la frénésie sécuritaire française à côté de la plaque — Libération
- C’est confirmé : le blocage des sites ne sert à rien pour lutter contre le terrorisme — Rue89
- Terrorisme : forte augmentation des demandes de retraits de contenus sur le Web après le 13 novembre — Le Monde
- Les écoutes coûtent cher, très cher : démonstration en quatre chiffres — Libération
- Au Sénat, l'impressionnant détricotage de la loi Numérique — NextInpact
- Loi Numérique : l’art et la manière de donner la priorité au logiciel libre — NextInpact
- Le gouvernement veut proroger l'état d'urgence de deux mois — Le Monde
- L’obligation de conservation des données de connexion auscultée par la CJUE — NextInpact
- À Strasbourg, l’ombre du groupe Safran plane sur les fichiers de passagers aériens — Mediapart
- La CNIL ignorée sur la conservation des empreintes digitales — Numerama
Il existe de nombreuses façons de participer à l'action menée par La Quadrature du Net. Vous pouvez aider La Quadrature en parlant de ses publications autour de vous, et en les diffusant sur vos blogs, Twitter, Diaspora*, vos réseaux sociaux, listes de discussion… Bref, en « buzzant ».
La Quadrature du Net a aussi besoin d'aide pour un grand nombre de tâches quotidiennes, par exemple pour l'édition de sa revue de presse, des traductions, la mise à jour de son wiki, des créations graphiques ou sonores… Si vous en avez la capacité, vous pouvez contribuer à améliorer les outils comme Memopol, Respect My Net, ou le Piphone, Contrôle Tes Données, ou bien nous proposer de nouveaux projets sur notre GitLab. N'hésitez pas à nous contacter pour avoir plus d'information à ce sujet.
Enfin, si vous en avez les moyens, vous pouvez également nous soutenir en effectuant un don.
Mai 2016 :
- 2 : Arrivée de Léa Caillère Falgueyrac en tant que stagiaire au service juridique !
- 3 : Le PJL Numérique discuté au Sénat
- 4 : Dernier jour de Lori Roussey, stagiaire au service juridique
- 5-9 : AG de la FFDN
- 17 : Intervention au centre LGBT Rennes, par Okhin, sur les libertés individuelles
- 24 : Vote en LIBE sur la directive Terrorisme (Parlement européen)
- 28-29 : Ubuntu Party Paris
Juin 2016 :
- 2-3-4 : Geek Faeris IRL 2016
- 3 : Table ronde sur les données personnelles, université Paris XIII, Bobigny
- 10 : Quadr'apéro à Clermont-Ferrand
- 18-19 : POOP https://lepoop.org/2016/ : soyez nombreux !
- 30 - 03/07 : Festival Pas Sage En Seine 2016
Since "32 March" (1 April 2016) hundreds of people are gathering every day on the Place de la République in Paris and everywhere in France to talk and to share. La Quadrature du Net thought it was the right place to answer questions and shared a brief digital self-defence manual, which was a real success (7 000 copies distributed!) which shows that it meets a real need for the protection of personal electronic communications.Net Neutrality
The European Parliament adopted a regulation on telecommunications in October 2015. But the text was finalised under pressure of European governments in order to end years of negotiations, lead to a weak consensus which sacrificed all powerful ideas of Net neutrality that had been adopted by the European Parliament in 2014.
Now BEREC is working on it. This organ gathers the European telecom regulators: it is responsible for the establishment the practices coming from the interpretation of the regulation. As nothing filters out of the negotiation room, several associations of European citizens decided to send out alarm signals.
BEREC must complete its work by 30 August 2016 but the group should present a first draft of its work in early June, followed by six weeks of public consultation: it will be short!
La Quadrature du Net and other European associations involved in the group Save The Internet denounce this short-cut and wish to open public debate at once.
How? By starting an alternative online consultation: Save The Internet is open to contact European regulators and Respect My Net to collect testimonies on violations of Net neutrality by your Internet service provider (ISP). Please join in and take part!
The European Parliament is currently working on a directive to combat terrorism. Unfortunately, France is not the only Member State which would like to transpose its own national security policy with European policy. According to the project that was published last December, things are not turning out very well: the text fails to refer to the Charter of fundamental rights of the European Union; the blocking of websites without the approval of a judge is back in the agenda and , just like in France since the 2014 Terrorism Law; encryption is presented as an obstacle to investigations.
La Quadrature du Net lists these human rights violations in a dense and rather long statement, but quite enlightening about the issues and present forces. Read now on the website of La Quadrature du Net: https://www.laquadrature.net/en/european-directive-expansion-antiterrorism-scope
On 14 April, the European Parliament adopted three texts on personal data.
A regulation on the protection of personal data collected by companies.
A directive accompanying this regulation: it supervises the processing of personal data by the police and judiciary in Member States.
A directive about the PNR (Passenger Name Record), which requires each Member State to file the passengers on international flights between EU countries and between EU members and other countries.
In addition, negotiations are in progress for the implementation of the Privacy Shield, which will replace the Fire Safe Harbor, annulled by the European Court of Justice (ECJ) as a result of the http://curia.europa.eu/juris/document/document.jsf?text=&docid=169195&pageIndex=0&doclang=fr&mode=req&dir=&occ=first&part=1&cid=293038">Schrems decision. This 2010 agreement aimed to guarantee the protection of personal data collected in Europe by American companies. But the revelations of Edward Snowden about surveillance by the NSA had shown its value.
The Observatoire des Libertés et du Numérique (Digital and Liberties Observatory), of which La Quadrature du Net is a member, published on 7 April an open letter on this subject addressed to the WP29 and to the European Parliament: the new draft agreement does not provide all the guarantees required by the ECJ concerning the protection against mass surveillance, the right to delete personal data, or the existence of a true independent mediator to relay European demands to the US.
What should be learned from these four texts? It's time to go visit "Control your data" (FR) to take control over your digital life!Copyright
Publishers complain a lot about the drop of their income in the digital economy, and advocate for the creation of a "neighbouring right" to copyright, similar to the one perceived by an interpreter, for example. This idea had been rejected by the European Parliament, but the European Commission which works on this issue presented the idea again, in a consultation launched in March 2016.
La Quadrature du Net explains (FR) why it opposes this idea.
But authors are not the only ones who should worry. We are all concerned by the exceptions of copyright soon in the law. For example, when photographing a building, exercising your freedom of panorama, you might soon be infringing copyright of the building designers. According to the consultation, freedom of panorama would be restricted when the photograph is for commercial use. But the term "commercial use" is blurred. And freedom of full panorama is needed, especially as it also affects pictures shared under free license. The detailed analysis is here (fr).Whistleblowers
In the middle of the Panama Papers scandal, and a few days before the opening of the trial of the LuxLeaks whistleblower Antoine Deltour, the European Parliament adopted on 14 April a directive on trade secrets seriously endangering the work of journalists, unions initiatives, employees and whistleblowers.
Two days earlier, La Quadrature du Net took part in a European campaign to defend these vital rights for democracy threatened by the interests of private companies.
The European directive "on the harmonization of the laws of the Member States concerning the availability on the market of radio equipment", which we shall name the "Radio Directive", must be transposed by Member States before 12 June 2016. But the compliance criteria set up by the directive threaten the use of free software by associations developing wireless Internet networks (fr).
La Quadrature du Net, in partnership with APRIL, French Data Network, FDN Federation and Free Software Foundation Europe addresses an open letter to the ARCEP and the French Ministry of Economy, Industry and Employment. Following legal uncertainty, a wireless card run by free software could become a problem for associations which develop wireless public Internet networks across the territory. While working on the transposition of this text, the French Government must urgently correct the situation and ensure the freedom of installation of free software on radio equipments.
May 2016 :
- 2 : Arrival of Léa Caillère Falgueyrac as an intern at the legal department :)
- 3 : Digital Bill discussed at the French Senate
- 4 : Last day at La Quadrature du Net for Lori Roussey, former intern at the legal department :(
- 5-9 : General meeting of the FDN Federation
- 17 : Intervention in LGBT center in Rennes, by Okhin, on fundamental freedoms
- 24 : LIBE vote on Terrorisme directive (European Parliament)
- 28-29 : Ubuntu Party Paris
June 2016 :
- 2-3-4 : Geek Faeris IRL 2016
- 3 : Panel discussion on personal data, université Paris XIII, Bobigny
- 10 : Quadr'apéro in Clermont-Ferrand
- 18-19 : POOP https://lepoop.org/2016/ : come and bring your friends!
- 30 - 03/07 : Pas Sage En Seine 2016
Pour vous inscrire à la newsletter, envoyez un email à email@example.com
Pour vous désinscrire, envoyez un email à firstname.lastname@example.org
Congress Has No Idea How The FCC's Cable Box Reform Plan Works, Conyers, Goodlatte Compare Effort To 'Popcorn Time'
As such, the cable industry has been having a monumental hissy fit. This has ranged from threatening lawsuits to publishing an absolute ocean of misleading editorials in news outets nationwide, claiming the FCC's plan would destroy consumer privacy, increase piracy, hurt programming diversity, and make little children cry.
Not too surprisingly, the cable and entertainment industry has now gotten some members of Congress to contribute to the hysteria. Note that the FCC's proposal makes it abundantly clear that under the proposal, a cable provider can "determine the content protection systems it deems sufficient to prevent theft and misuse, and will not impede the introduction of new content protection systems." Yet in a letter sent to the FCC this week, Representatives Bob Goodlatte and John Conyers say creators have "shared concerns" that the FCC's plan will lead us down the road to rampant piracy. You know, like Popcorn Time:"As Members of the House Judiciary Committee, which oversees our nation's copyright laws, we recognize the harm the American economy caused by the theft of copyrighted works. Creators have shared concerns that under the FCC's proposed rule, future set-top boxes or their replacements could purposely be designed to distribute pirated content obtained from sources that primarily offer stolen content. For example. apps such as Popcorn Time that focus on providing access to piratical content have tried to match the form and ease of use of legitimate apps to mark the theft of copyrighted content. Creators are legitimately worried about the prospect that future set top boxes, or their functional equivalents, could incorporate apps such as Popcorn Time or its functionality, or otherwise lead to the unauthorized distribution of copyrighted works."From the letter it's pretty clear the Representatives -- and the "creators" expressing their worry -- don't actually understand what the FCC is trying to do. Conyers and Goodlatte throw Popcorn Time into the mix seemingly at random, given the FCC's proposal has absolutely nothing to do with the app.
For better or worse, under the FCC's proposal nothing about copy protection will actually change. Users will still pay the cable industry for service, those users will just be able to access that same programming on devices from the likes of TiVO, Google, Amazon, and countless other devices that will already be in consumer homes. And while these devices are more open than cable boxes, it's bizarre to suggest this shift results in some kind of piracy free for all. In fact, having more open set top boxes not ensconced by the cable industry's walled garden approach will present consumers with access to more legitimate streaming content sources than ever before. That's what the cable industry is actually worried about.
The looming specter of piracy was also recently trotted out in an editorial by "The Walking Dead" Producer Gale Anne Hurd, who tried to argue that making the set top box market more open and competitive would only drive users to pirated content because hey -- a more open device might actually include a browser and access to the actual Internet. That's again missing the forest for the trees on an absolutely mammoth scale, ignoring that open platforms and an exponential explosion in access to streaming services means more ways to access her content legitimately than ever before.
Again, it's not clear if the people yelling about piracy just don't understand how this all works and are just being "informed" by the wrong people, or if they're intentionally aiding the cable industry and mis-characterizing what the FCC is planning (probably a combination of both). But make no mistake: the TV industry's opposition to set top box reform has nothing to do with being worried about piracy, diversity, security, or the welfare of puppies -- and everything to do with protecting a stagnant industry from market evolution and lost revenue.
Permalink | Comments | Email This Story