Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 11 2014

[Video] Reclaim Our Privacy

Thanks to the generosity of supporters who helped crowd-fund it, and of Benoît Musereau who volunteered to direct it, La Quadrature du Net publishes ”Reclaim Our Privacy”, a three-minute movie that explains the threat to, the importance of protecting, and the tools to reclaim our privacy online. If you want to contribute to the funding of this movie, it is still possible to do so here. Any funds received above the target amount will be shared between Benoît Musereau and La Quadrature du Net. The movie is released under CC BY-SA, so feel free to share or remix it! <3

Download it!

For further information on these issue:

Movie's credits

Crowd-funded by (thanks, and lots of Datalove to you all! <3)

Aknok, Anaelita, Arofarn, Azerka, Bamban, Beeaware, Benjamin Piouffle, Benjamin Sonntag, Billecoq, Billux, Bmoc, Bourbaki, Cartron, Cellular, Cerran, Chato, Chopopope, Christian P. MOMON, Cioccu, Coucouf, Crowder, Cryptie, Dalb75, Darathor, Datarmine, David de Beleville, Ddadon, Didier_b-2, Djean, Domaccord, Elessar, Elfabixx, Elizabeth Nicholson, Elpouyou, f.0x2501.org , Fabhuy, Faereth, Fenn, Fflo, Florent_ato, Florent Darrault, Fraanek, Franck-awo, Franckpaul1984, François Tessier, Francoist-2, Galou Gentil, Gastavocats, Gawel, Geodelc, Gllm, Glatteispogo, gty, Gwendanc, Hadelie, Hebus63, Irslo, Ischiros, J4mes, Janval5, Jean-Louis Séré, jeey, Jean-Sébastien, Jeffman78, Jérémy GUEROUT, Jfch_, Jfomhover, Jimi_dave, Julien Fastré, Kadcom, Kaulian, Keplerpondorskell, Klorydryk, Kyriog, Laelaeta, Lcottereau, Le_Coyote, Lesauterhin, Les chats cosmiques, m09, Maillon, mamzelle_S, Martin Bahier, Mathieu HAAGE, Matrium, Milhouse_fr, Morgiou, Mrtino, Mulot, Mutokenji, Myoshi, Natim, Nicolasrtt, Nicorr, Nitot, Number, Olivier Cortès, Oneveu, Osmoze950, Ouroboros75, Outils Conviviaux, Pep1, P Ernewein, Petch, P Moniez, Puilliack, Raphette, Renk, Rikle_s, Rogdham, Rouroux, Saian, Saintraph, Samuel Tardieu, Se7h, Sempiternel, Snifiboy, Spiwit, Steph3187, Sureau, Sylvain Cazaux, Tael67, Taker, Taziden, Tekarihoken, Thd_it, Thomas Moreau, Thorleif_, Tomlefol, Torlus, Txitua, Vehem, Widokristus, Wookie51, Xixo, Yann2192, Ygster, yost3d, Yoya971, Yoygldstn

February 10 2014

The Day We Fight Against Surveillance and in Support of Privacy

Paris, 11 February 2014 — Over the last year the public across the globe was made aware of massive global surveillance conducted by the NSA and its partners or counterparts, but also by private tech companies. In response, and in celebration of the victory against SOPA, PIPA and ACTA two years ago and in memory of one of its key architects, Aaron Swartz, La Quadrature du Net joins this day of mobilisation The Day We Fight Back against mass surveillance, which will mark actions by civil rights groups from all over the world. This day is a perfect occasion for all citizens to get informed, and to act to defend our privacy against private and public surveillance. Below are actions carried out by La Quadrature and its supporters today.

“Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. Together, if we persist, we will win this fight.”

This Tuesday 11 February is a global call to arms against surveillance. Many organisations around the world defending human rights in all its forms, such as freedom of speech, privacy, or press freedom, have joined forces for a day of mobilisation against mass surveillance. The global problem is that surveillance, public and private, has gone way beyond embarrassement between countries. It is undermining the basis on which our democratic systems and thus our rights as citizens rely, such as the protection of journalistic sources or confidential communication with a lawyer. As the Necessary and Proportionate petition, signed by La Quadrature du Net and more than 300 other NGOs stated, any legitimate surveillance has to be, amongst other things, established by legal statutes, transparent, have a legitimate aim, be necessary and proportional to the threat, involve user notification and have adequate public oversight.

Several actions, online and offline, are planned by organisations across the globe. Events are listed here. Since the first Snowden revelations, La Quadrature du Net has consistently advocated new asylum rules for whistle-blowers reporting serious violations of fundamental rights, but also the suspension of the Safe Harbour agreement between the EU and the US for all companies listed as participating to PRISM and other NSA programs, reinforcement of the data protection regulation against similar circumvention of fundamental rights and support to decentralized free software applications based on strong cryptography. Today, La Quadrature has coordinated the launch of several projects:

Reclaim Our Privacy

Thanks to the generosity of supporters who helped crowd-fund it, and of Benoît Musereau who volunteered to direct it, La Quadrature du Net publishes ”Reclaim Our Privacy”, a three-minute movie that explains the threat to, the importance of protecting, and the tools to reclaim our privacy online. If you want to contribute to the funding of this movie, it is still possible to do so here. Any funds received above the target amount will be shared between Benoît Musereau and La Quadrature du Net. The movie is released under CC BY-SA, so feel free to share or remix it! <3


Download it!

NSA Observer Website

Volunteers supported by La Quadrature du Net put together a website about “Things the NSA doesn't want you to know (and why you should know about it)”: NSA-observer.

The numerous revelations on NSA surveillance represents a lot of information that no one had presented in a format that was easy to access and understand. The authors gathered the information into a public-domain licensed website and freely-downloadable database. Moreover, in order to comprehend the system, the website provides visuals of the connections between NSA programs, attack vectors and compartments. The website is a work in progress and the authors welcome involvement by others in order to keep the data up to date and make it more accessible to the general public.

“Nothing To Hide” by La Parisienne Libérée and Jérémie Zimmermann

La Parisienne Libérée is a French journalist who sings the news once a week. She invited Jérémie Zimmermann, cofounder of La Quadrature du Net, for a song on personal data and privacy.

On this global day of action, La Quadrature encourages all citizens to get informed and share information about surveillance and the need for better legal and technical protection for privacy in the digital age. For more information, visit:



Support La Quadrature du Net!

January 31 2014

Support the Making of the Animated Movie "Reclaim Our Privacy!"

Paris, 31 January 2014 — La Quadrature du Net launches a crowd-funding campaign to support the making of the upcoming animation movie about privacy, mass surveillance, and the urgency to rethink our relationship with technology. Help us finance this project!


Benoît Musereau, which whom La Quadrature du Net collaborated on the “NO to ACTA” movie, will be the director, as a volunteer, to make this new movie. The €3000 objective of this crowd-funding campaign will help pay for Marion Leblanc, the graphic designer, and Mawashi, the musician and sound designer. A movie such as this would usually cost around €10-15000. Funding above €3000 will be split equally between Benoît and La Quadrature du Net.

Help us fund it and “Reclaim Our Privacy!” should be released by the 11th of February as part of The Day We Fight Back, a day of mobilisation against mass surveillance. Nice rewards, including posters of the movie, are available to supporters, and the names of all supporters will be included in the credits.

Reposted bycheg00 cheg00

December 19 2013

Final Adoption of Generalised Surveillance in France: a Disturbing Political Drift

Paris, 19 December 2013 — The French President promulgated [fr] the 2014-2019 Defense Bill last night. Adoption of article 20 (former article 13) opening the door to generalised surveillance of communications and the failure to request its constitutional challenge demonstrate the deep crisis of a political system which does not hesitate anymore to massively compromise fundamental rights. La Quadrature du Net thanks all those who contributed to oppose this article. It calls for the continuation of the fight against surveillance of our communications on the Internet, by any means: before Parliament or judges, through technology and usage choices.

The French 2014-2019 Defense Bill1 has been officially published last night in the Journal Officiel. Its article 20 (former article 13) opens the way to generalised surveillance of online information and communications, notably through live capturing of data from hosting services and Internet service providers and for purposes going way beyond the mere national security.

The adoption of this article – with its ambiguous wording and misleading place in a Defense Bill meant to schedule the military budget – and the faillure to obtain its constitutional review reflect the deep crisis democratic representation is going through, failling to protect citizens fundamental rights. This Bill has been unanimously adopted by François Hollande's left wing party – Parliament's majority group –, despite wide inner divisions on article 20 and a previous opposition on similar but temporary and less harmful texts in 2006 and 2008. The right wing, ecologists and the far-left voted against the Bill in both chambers.

However, once the Bill was adopted, despite the strong citizen mobilization and numerous warnings by various organizations, political divisions and group discipline prevented the collection of the 60 signatures required to call upon the Conseil Constitutionnel (French constitutional court) to review any new law. A strict party discipline from the left-wing majority party (PS), sectarianism from the right-wing party (UMP) refusing to sign together with green and far-left groups, and an aggressive campaign by the leader of the right-wing group against its MPs signing the request, will be remembered as symbols of the drift toward a post-democratic system.

Many other steps will enable citizens to continue the fight against the development of a generalised surveillance, which has become a tool for political powers unable to act for the common good. In legal terms, the future publication of the Decree by the Conseil d'État (Highest administrative court) and announced French laws on intelligence and freedoms online will provide new opportunities for discussion, decision, and challenge. But it is on the political and usage fronts that our rights and freedoms will be determined.

“With the others associations of defense of human rights and freedoms who have acted on this issue, we will campaign restlessly against surveillance and these violations of the separation of powers. We call for a strong affirmation of the role of the judiciary, of the right to privacy and of the individuals freedoms in the upcoming laws, and any form of challenge” concludes Jérémie Zimmermann, cofounder and spokesperson of La Quadrature du Net.

“A balance of rights can only be restored if citizens strongly demonstrate that there is no democracy or human beings free to express themselves in a surveillance State, and if everyone, in their choices of services, tools and usage, reclaims what we abandoned to centralized operators” concludes Phillipe Aigrain, cofounder of La Quadrature du Net.

December 11 2013

Huge Threats to Fundamental Freedoms and Rights Consolidated in the French Parliament

Paris, 10 December 2013 — Despite the strong citizen mobilisation and the numerous reactions [fr] voiced against it, the French Senate just voted in second reading the controversial 2014-2019 Defense Bill and its dangerous terms without any changes. This vote closes parliamentary debate on this text: the French Constitutional Council alone can now alter the application of these measures infringing the basic rights of citizens. La Quadrature du Net strongly calls the members of the French Parliament to formally place the matter before the Constitutional Council for a decision on the conformity of this law to the French Constitution.

Support La Quadrature du Net!

By voting the 2014-2019 Defense Bill without any changes, the French Senators just closed parliamentary debates on the subject. Despite numerous warnings expressed by citizen organisations1 as well as public agencies2, the text adopted today will:

  • Authorise live capturing of data and documents (“that on request may be captured and transmitted in real time by operators and agents mentioned” [our translation]) by hosting services and service providers.
  • Allow the harvesting and capturing of “data and documents treated or stored by their networks or services” (our translation) and not solely the connection data.
  • Extend the list of public offices that may request surveillance, to include, for instance, the Ministry of Economy and Finance.
  • Extend the reasons for which surveillance may be requested to include information related to “the scientific and economic potential of France” and the prevention of “organised crime and delinquency” (our translations).

At this stage of the procedure, only the French Constitutional Council can stop the application of these measures opening the way to generalised surveillance of online information and communications. But this higher authority needs to be referred to by either 60 MPs, the Prime Minister or the President. La Quadrature du Net strongly calls on representatives of both chambers to hear appeals from citizens and to table a request for a constitutional review as soon as possible.

“In the context of Snowden's revelations on massive and generalised citizen surveillance, it is shocking to see the French Parliament adopt a text that enshrines the state of emergency and allows total abuse of citizen's privacy. Representatives must hear the call of civil society and activate recourse to the Constitutional Council” concludes Phillipe Aigrain, cofounder of La Quadrature du Net.

December 10 2013

Will Our Parliamentarians Consent to a Democratorship?

Numerous reactions are now being voiced against the inclusion in the 2014-2019 Defense Bill of article 13 whose provisions enable a pervasive surveillance of online data and communications. Gilles Babinet, appointed in 2012 as French Digital Champion to Nellie Kroes, Vice-President of the European Commission responsible for the Digital Agenda for Europe, was quoted [fr] in the French newspaper Les Echos, “This law is the most serious attack on democracy since the special tribunals during the Algerian War” (our translation).

This statement comes after the public declaration [fr] by the Association of Community-based Internet Services (ASIC), the press release by La Quadrature du Net and the opinion of the Conseil National du Numérique [fr] (The French Digital Council) which calls on the suppression of article 13.

News articles in the press refer to the extensive attack on freedom and fundamental rights that the adoption of this article would represent. Such criticism is still building up. But time is running out because the government is using cynically the urgency of adopting the Defense Bill in order to push the article 13 through Parliament. If, on this Tuesday, 10 December, the French Senate adopts the text unchanged compared to the one adopted on first reading on 4 December by the National Assembly, then only the government would be allowed to present an amendment to withdraw article 13 in the National Assembly. If government does not backtrack, then to rescue our fundamental rights, the National Assembly would be left with the only option to reject the bill in its entirety and face the consequences that such a full rejection would entail.

It is evident that faced with a bill that threatens our fundamental rights, every parliamentarian must take their decision on the basis of their own personal choice and ethics. There is no hiding behind party affiliation that could limit their ability to vote according to their personal conscience on this matter.

Summary of the measures included in article 13

  • Article 13 renders permanent a provisional measure introduced in the anti-terrorism legislation of 2006, extended in 2008 and 2012, and valid until 31 December 2015 (there was no urgent security need to legislate it). Not only will it be made permanent, its nature and scope are also significantly extended.
  • Before, the authorities were allowed to collect connection data. Now authorities may request the live capturing of data and digital documents from both Internet Service Providers and hosting services.
  • The type of information that may be captured and requested would include all data and documents treated or saved by these entities' networks or services.
  • The agencies that are allowed to request this type of information would be extended beyond those directly concerned with National Defense and Security to include, for instance, the Department of Economy and Finance.
  • The goals of the surveillance will be extended to include any information related to scientific and economic potential of France, or the fight against criminality.
  • Finally, not only will the judiciary be simply bypassed, but the only measure of control, let to the National Commission of Control of Electronic Surveillance, will only be to emit a (secret) "recommendation" to the Prime Minister, a process that carries with it no weight whatsoever.

This piece was initially published [fr] on the blog of Philippe Aigrain, founding member of La Quadrature du Net.

December 04 2013

A Move Towards Generalised Internet Surveillance in France?

Paris, 3 December 2013 — Yesterday the 2014-2019 defense bill passed first reading in the French National Assembly. It marks a strong shift towards total online surveillance. If passed, the bill will not only allow live monitoring of everyone's personal and private data but also do so without judicial oversight, as the surveillance will be enabled through administrative request. The bill also turns permanent measures that were only temporary.

How is it possible that after only a few months of Edward Snowden's revelations the French government proposes a bill so detrimental to our fundamental rights? Article 13 of the bill organises the generalisation of live surveillance of "information and documents processed and stored in the networks", which potentially concerns the data of all citizens. Such surveillance requests can be issued by a wide variety of departments, including the departments of Internal Security and Defense, but also the department of Economy and Finance. The inclusion of such departments exceeds what is required to meet the stated aim of protecting the citizen against incidents of an exceptional seriousness. Indeed, the proposed bill permits these departments to authorise live surveillance of all citizens with the sole stated aim to “prevent […] crime” or the particularly vague “safeguard of essential components of scientific and economic potential of France”.

Data collection will not only be done directly via companies providing Internet access (ISPs and telecommunication operators) but also via web hosting operators and online service providers. Despite the gravity and magnitude of this collection, no measure significantly limits their volume. The data collection could be done by installing devices that capture signals and data directly at the operators and hosting companies. The definition of these operators and companies, taken from 2004 Loi pour la confiance dans l'économie numérique (“Act for Trust in the Digital Economy”), cause concerns that the scope of application will be very wide.

“Considering the recently uncovered evidence of massive and generalised spying on citizens, the maneuvers of the President and of the government deceive no one. This bill sets up a generalised surveillance regime and risks to destroy once and for all the limited trust between citizens and agencies responsible for security. A vague reference to the needs of the security agencies does not justify such serious infringements to our basic liberty. La Quadrature du Net calls on parliamentarians to reject this infringement to basic rights during the second reading of the text” concludes Philippe Aigrain, cofounder of La Quadrature du Net.

November 21 2013

Snowden and the Future of our Communication Architecture

by Jérémie Zimmermann

Snowden revelations shed light on facts that force us to ask ourselves important questions and to take action that might be essential for the future of our online societies and for the very structure of our political systems.

These documents confirm what many hackers and citizens were suspecting: a generalized surveillance by the NSA and other intelligence services of about any personal communications over the Internet. What was a few month ago often dismissed as "conspiracy theory" or "paranoïa" turns out to be actually quite far from the crude reality.

Edward Snowden
Edward Snowden

The most important fact we've learned from the Snowden revelations is the massive aspect of the surveillance: The figure of 97 billions elements of information collected for the month of March 2013 alone (only for the PRISM program that is only one program of the NSA!) gives a view of how global is the spying on citizens of the world. The poor defense of the US administration that "don't worry, only non-US citizens are targeted" has to be balanced by the fact that targeting is determined by an assessment of "at least 51% chance of non-foreignness", basically tossing a coin plus 1%… If you happen to know someone who happens to know someone who might be doing something considered wrong, then it is likely that all your personal communications are being spied upon. Whether you're a journalist attempting to protect your sources, a lawyer or a doctor protecting medical secret, a politician, etc. then you are in.

The other most meaningful fact is the active collaboration of Google, Facebook, Apple, Microsoft and such giant Internet corporations: Whether they are forced to cooperate by the secret implementation of a law and a court operating in secret or do it willfully does not matter much. What matters is that it is now obvious that these companies are mere extensions of US intelligence agencies gone completely out of control, in a paranoïd drift that endangers the civil liberties of citizens all around the world. By using their services and products anyone is exposed to becoming transparent, listened at, looked at, every keystroke potentially recorded.The PRISM revelations tell us that these companies, their products and services cannot be trusted. They illustrate what free/libre software advocates and other defenders of freedoms online have been saying for a long time: the very technological and economic models of these centralized services turn them into gigantic spying machines. The very nature of these closed-source centralized software and systems turn them into instruments of control.

Also of primary importance is the sabotage of every commercial security product providing encryption technology. 250M$/y were spent in the "Bullrun" program to weaken commercial cryptography, practically leaving open holes in the whole world's security infrastructure, whether it's checking your email, communicating with an administration or a company, shopping or online banking.

PRISM Collection Details
PRISM Collection Details

Finally, and to dismiss any attempt at justifying mass surveillance by the argument that it might be efficient and proportionate in fighting terrorism, we learned that the NSA spied upon the communications of Petrobras, the main Brazilian energy company, and upon the personal communication of Dilma Rousseff, the Brazilian president herself. Furthermore, the figures published for data collected in various democratic countries demonstrate that it was the society as a whole that was an object of surveillance. It is now obvious that this massive globalized surveillance is also used for economic intelligence and political surveillance, in order to serve the interests of the US and its corporations.

All these elements taken together tell us a lot about the current state of technology and the link between tech companies and the US government. We should now be asking ourselves how to regain control over our personal communications and data, how to evade unjustifiable massive surveillance and how to regain our digital sovereignty.

Building an alternative to this orwellian surveillance will for sure take time. But it is an endeavour that must be undertaken for the sake of future societies where our fundamental right to privacy will mean something. It is an endeavour of political and legislative nature indeed, but also technological, and (if not mostly) social.

On a purely political side, it is obvious that US law must change and that the US citizens must regain control over the NSA. The fact that whole parts of public policies, a special court, its decisions and special interpretations of the law are kept secret from the public isn't compatible with a democratic society abiding by the rule of law and the separation of powers. For us, mere citizens of "more than 51% foreignness" to the US, it might be an objective out of reach… all we can do is to increase political pressure on the US government and help US activists working towards it.

Here in the EU, Snowden's revelations call for a strong political reaction from policymakers, who so far have been very tame… For instance, as each and every obligation allowing the "Safe Harbour" – the agreement that exonerates US companies from abiding by the EU law regarding protection of personal data – has obviously been breached, the EU is now technically able to revoke it. This would allow to negotiate a new agreement with an upper hand for the EU, while slapping hardly US companies responsible for surveillance (which could in turn benefit EU companies). Such a bold political move seems so far nowhere in sight.

We must also urge policymakers to enact a strong effective protection of our personal data. The data protection regulation currently being debated in the EU parliament, risks to be voided of its substance, under deep influence by the very same companies caught red-handed with engaging in massive surveillance. Citizens must invite themselves in this public debate, to ensure that strong barriers will be put to the export of their data to foreign jurisdictions where they are not safe, and that effective tools will be put in their hands to gain back control over their personal data and communications.

On another hand EU citizens must demand from their policymakers new legal protections for whistleblowers and for freedom of expression and communication in general, as the persecution of Manning, Assange, and now Snowden show that such actions which are obviously of general interest are being taken at a tremendously disproportionate cost for their own lives.

Lastly we must urge our policymakers, in the EU and in various Member States to enact strong industrial policies that encourage, promote and fund technologies that liberate individuals rather than technologies that control and spy on them.

This technological aspect is key. We now have a clear view of the design patterns for technologies that control individuals: centralized services (based on aggregating as much data as possible), closed down proprietary software and systems, and unreliable encryption where trust is left in the hands of third parties. All these patterns lead to technologies that expropriate us from our personal data, and leave our communications at the mercy of the NSA, its partners and its hundred of private contractants.

GNU logo

On the other hand, Snowden revelations give us a vivid illustration that Richard Stallman and others have been right for all these years. We actually have on the table already the design patterns for technologies that instead of controlling individuals can make them more free:

  • Decentralized services: Ideally hosting our data ourselves, or at least at the human scale of a bunch of friends, a company, a university, an association, a community etc. It is at this price that we will not participate in forming aggregates making these companies tremendously powerful and structurally part of the surveillance state.
  • Free/libre software: By giving to the whole world the same freedoms that its initial author has on it, it is the only way for humans to have a potentiality to control their machine, and not the other way around. Free software turns the sharing of knowledge and skills into digital common goods. As "Bullrun" shows, cryptography and other security tools that are not built according to the principles of free software can never be trusted, period. (The question of getting access to the specifications of the hardware we run this software on has indeed to be asked, as the increasing use of black-boxed hardware make it easy to insert backdoors that may be used against us. Government agencies could force manufacturers to disclose key specifications. Maybe we can someday build open hardware we can trust…)
  • End-to-end encryption where mathematics guarantee that only the user and the people he or she communicates with will be able to access and read the content of their communications, with the exclusion of third parties such as Google, Facebook, Skype, Apple, etc. This implies that users can get to understand the core concepts and get to manage their keys, which, we've seen in the last decades is not as obvious as it sounds…

So in the end, the political and the technological dimensions of building a world where technology will make users and societies more free rather than controlling and spying on them could maybe in practice only be articulated through a third, social dimension.

It is probably only if we manage to build a momentum in order to guide our colleagues, friends and society as a whole to understand why it is crucial to leave the centralized, closed-down services and products and shift to technologies that liberate, only if we manage to put enough pressure on policy-makers, only if we, as individuals and communities begin to care about the underlying architectural principles of our communication infrastructure and technologies, that we can achieve this objective. It may sound difficult, but it is not unachievable, as this is probably one of the most crucial undertakings for the future of our societies one in which we all have a part to play.

jz

Reposted bycheg00 cheg00

October 21 2013

Major Loopholes in Privacy Regulation - EU Parliament Must Stand For Citizens

Strasbourg, 21 October 2013 — The “Civil Liberties” (LIBE) Committee has just voted its report on Data Protection, led by Jan Philipp Albrecht. Despite some improvements, major loopholes – especially on “legitimate interest” and “pseudonymous” data – and the adoption of the secrete tripartite negotiation mandate (trilogue) could make the final text totally ineffective at protecting citizens. During these forthcoming negotiations, representatives of the Parliament should secure strong safeguards for citizens fundamental right to privacy.

Jan Philipp Albrecht
Jan Philipp Albrecht

By adopting compromise amendments 61 and 202, members of the “Civil Liberties” (LIBE) Committee, responsible for this matter, introduce the risk of making the whole legislation completely ineffective, despite the progress made tonight – explicit consent principle have for example been mantained. The Members of the LIBE Committee also made the very disturbing choice of accepting the secrete tripartite negotiations requested by the rapporteur Jan Philipp Albrecht. The text will now be modified behind closed doors, between the European Commission, the European Parliament and the Council (ministers from the Member States) . The latter could use untransparent negotiations to annihilate all the positive provisions of this Regulation, leading to a weak and dangerous final version of this legislation. Beginning the negotiations this way will undermine the European Parliament's position, and reduce the chance of public debate and citizen mobilisation.

In absence of democratic and transparent debate, the representatives of the European Parliament in these opaque negotiations should make sure that the achievements for strong safeguards for citizens' fundamental right to privacy are protected, even if that means postponing the adoption of the final Regulation. It will be better to have a real protection of European citizen privacy at the end of a long process, than a dangerous weak text before the next European election. The Parliament must seize the occasion of plenary vote to remove the dangerous loopholes opened by today's vote.

“Even though today's vote marks some advances for the protection of privacy, it introduces major loopholes that could make the whole Regulation ineffective. Moreover, the regrettable choice of the LIBE Committee to enter into secrete tripartite negotiation could also significantly weaken the Regulation. Representatives of the European Parliament will have to weigh in all along the negotiation process to make sure that the fundamental right of European citizen to privacy is fully protected.” concluded Miriam Artino, policy analyst for the citizen organisation La Quadrature du Net.

  • 1. This compromise may turn the “legitimate interest” exception into the main legal basis for processing, depriving citizens of any prior control (such as explicit consent) over how their personal data are processed.
  • 2. This compromise would void any protection against profiling based on “pseudonymous” data. But “pseudonymous” data may still be easily attributed to data subjects through further processing. Thus, any profiling based on such data must stay under data subjects' control.

Data Protection Regulation: La Quadrature's Voting Recommendations to LIBE

Paris, 21 October 2013 — Today, and probably Thursday1 in Strasbourg, the “Civil Liberties” (LIBE) committee of the European Parliament will vote on the future of the European Data Protection Regulation. Regarding this important issue, La Quadrature du Net just sent a letter to the members of the LIBE committee urging them to refuse the secrete tripartite negotiations, and giving its voting recommendations. Until the vote, La Quadrature du Net invites all citizens to make their voice heard, and to also contact their representatives.

The “Civil Liberties” (LIBE) committee vote on the European Data Protection Regulation is planned today at 18.30, and could continue Thursday at 12.00. This vote is a very important stage of the legislative procedure as it could be the last public one before the vote of the whole European Parliament in plenary sitting.

The Lack of Transparency of the Procedure

It is now certain that the rapporteur Jan Phillipp Albrecht will request a negotiation mandate for a 1st reading agreement2 to the members of the LIBE committee. As a matter of fact, if members of the LIBE committee consent to instruct Mr. Albrecht and his negotiating team3 for the trilogue, the European Commission, the European Parliament and the Council will continue their discussions behind closed doors, cutting short any chance of public debate.

If such a mandate is given, European citizens and NGOs would not be able to participate in an open debate on the decisions taken by a restrict group of MEPs on the future of data protection. An open debate is highly necessary because the main decisions on this dossier have been taken – under the pressure of tremendous lobbying operations – before Snowden's disclosures on worldwide mass surveillance.

LQDN's Compromise Amendments Voting Recommendations

Beyond the transparency of the procedure issue, some of the “compromise amendments”4, if they were adopted, would introduce legal loopholes on the Regulation, allowing companies to process without limits your data. As a consequence, La Quadrature du Net calls the LIBE members to:

A lot of other compromise amendments reached by members of the different political groups in LIBE are actually good. For instance those providing that consent must be explicit, that data must be fairly processed or that citizens must keep them under their control; but these good compromise amendments could be almost useless if the compromise amendments made on Article 6 and 20 are adopted.

Letter to LIBE committee

Once again, La Quadrature du Net invites all citizens to make their voices heard, and to contact the members of the LIBE committee. The citizen association recommends the use of the PiPhone, which permits to call MEPs easily and for free. However, other ways are described on its wiki, and the contact details of the LIBE MEPs are available here or on the Political Memory, allowing everybody to act in the way that best suits him. Here is the letter that La Quadrature just sent to the members of the LIBE committee:

Dear member of the LIBE committee,

Today, you will hold a vote on rapporteur Jan Philipp Albrecht's draft report regarding the future European Data Protection Regulation. In addition to the content of this legislation, you will be required to decide to allow Mr Albrecht to enter into negotiations with the Council in order to agree on a final text behind closed-doors.

In the context of the recent disclosures made by the whistleblower Edward Snowden about the scale of the surveillance program put in place by government authorities and secret services, the preparation of this Regulation provides you a unique opportunity to put in place legislation to defend European citizens’ rights to privacy and data protection.

You have the chance to develop a strong legal framework, inspiring good practices by business, guided by clear, predictable legal principles and enforcement, in an environment of trust, for many years. That legal framework – geared to protect the fundamental right to privacy of the European citizens – deserves an open and transparent debate that is equal to the challenge represented by these issues.

As a consequence, we call on you to refuse the secret tripartite negotiations and urge for transparency and a proper, in-depth public debate.

In any case, we urge you to reject compromise amendments made on articles 6 and 20.

COMP Article 6 may turn the “legitimate interest” exception into the main legal basis for processing, depriving citizens of any prior control (such as explicit consent) over the processing of their personal data. Instead, adopting AMs 99 to 102 would let control in the citizens' hands.

COMP Article 20 would void any protection against profiling based on “pseudonymous” data. But “pseudonymous” data may still be very easily attributed to the real identity of the given data subjects. Thus, any profiling based on such data must stay under data subjects' control. Instead, adopting amendments 158 to 165 & 1593 would provide strong protection for citizens against unfair measures based on profiling.

A few months before the European elections, we trust that through your vote, you will honour your obligations as an elected representative and relay the many concerns from citizens, academics, NGOs and regulatory bodies, on the fundamental right to privacy.

Respectfully,
La Quadrature du Net

Act now !

  • 1. If the votes are not finished on Monday, 21st October at 22:30 hours, the meeting might be suspended and resumption of works is scheduled for Thursday, 24 October 2013 from 10.00 to 12.00 hours.
  • 2. The rapporteur will ask the members of the LIBE committee – on the basis of Rule 70 of the Rules of Procedure of the European Parliament – for a mandate to enter in interinstitutional negotiations, which will take the form of tripartite closed-doors meetings between the European Commission, the Council (ministers from the Member States) and the European Parliament (the goal of the negotiations generally being the adoption the legislative act at an early stage of the procedure.
  • 3. Jan Philipp ALBRECHT (Greens/EFA), Sarah LUDFORD (ALDE), Axel VOSS (EPP), Dimitrios DROUTSAS (S&D), Alexander ALVARO (ALDE), Timothy KIRKHOPE (ECR), Cornelia ERNST (GUE/NGL)
  • 4. "Compromise amendments" stand for a package of amendments negotiated between political groups, before the official vote of the draft report in the committee responsible. The aim is to cover and replace the amendments tabled at the given stage of the procedure, in order to compromise on a common text geared to resolve the existing conflicts. If the negotiating team reaches an agreement, MEPs – sitting in the responsible committee – vote only on the compromise amendments, avoiding a long review of those amendments originally tabled. However if variances between political groups cannot be completely smoothened, MEPs can decide, at eleventh hours, not to vote on compromise amendments, but on the original ones.
  • 5. "1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
    [...]
    (f) processing is necessary for the purposes of the legitimate interests pursued by the a controller or in case of disclosure, by the third party to whom the data is disclosed, and which meet the reasonable expectations of the data subject based on his or her relationship with the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks."

    This amendment may turn the “legitimate interest” exception into the main legal basis for processing, depriving citizens of any prior control (such as explicit consent) over how their personal data are processed.

  • 6. "(58a) Profiling based solely on the processing of pseudonymous data should be presumed not to significantly affect the interests, rights or freedoms of the data subject. Where profiling, whether based on a single source of pseudonymous data or on the aggregation of pseudonymous data from different sources, permits the controller to attribute pseudonymous data to a specific data subject, the processed data should no longer be considered to be pseudonymous."
    This recital would void any protection against profiling based on “pseudonymous” data. But “pseudonymous” data may still be easily attached to data subjects through further processing. Thus, any profiling based on such data must stay under data subjects' control.

October 17 2013

The European Parliament Must Protect Our Right to Privacy

Paris, 17 October 2013 — Few days before the vote of the “Civil Liberties” committee (LIBE) on the future European Regulation on the protection of our personal data, a coalition of European organisations release the following joint press release by 19 non-governmental organizations reaffirming the pressing need for a strong protection of the citizens' fundamental right to privacy.

Civil rights groups call on European Parliament to vote for strong data protection rules

On Monday 21 October, the European Parliament will decide on the future of privacy and data protection in Europe. The recent revelations surrounding government surveillance involving some of the Internet's biggest companies have highlighted the urgency of an update of Europe's privacy rules.

The Regulation will have a major impact on the digital environment for citizens, businesses and public bodies. “The choice is between clear, harmonised, predictable and enforceable rules that will benefit European citizens and businesses or unclear, unpredictable rules that will benefit nobody except data monopolies and lawyers,” said Joe McNamee, EDRi's Executive Director.

Civil society groups are concerned that any weakening of the European data protection rules and principles will undermine the rights and freedoms of European citizens. The past months have shown how important it is to limit the collection of data to the minimum necessary, to ensure privacy by design and to safeguard the right of individuals to delete their data from online services. The European Parliament now has the responsibility to ensure that Europe gets strong data protection rules for a competitive and harmonised market.

The Regulation will only be as strong as its weakest link, so it is critical that no loopholes are created that would undermine our democratic rights.

Joint press release by:

Access

Raegan MacDonald +32 486 301 096
raegan@accessnow.org

Alternative Informatics Association - Turkey

Özgür Uckan + 90 1 216 418 0 417
bilgi@alternatifbilisim.org

Article 19

Thomas Hughes, Executive Director +44 (0) 20 7324 2510
communications@article19.org

Bits of Freedom

Tim Toornvliet : +31 6 18606472
tim.toornvliet@bof.nl

Chaos Computer Club

Christian Horchert +49 151 46429622
fukami@ccc.de

Digitalcourage e.V.

Dennis Romberg
+49521 1639 1639
presse@digitalcourage.de

Digitale Gesellschaft

Markus Beckedahl +49 177 207503541
presse@digitalegesellschaft.de

Electronic Frontier Finland

Ville Oksanen +358 40 5368583
effi@effi.org

European Digital Rights

Joe McNamee +32 2 2742570
press@edri.org

Foundation for Information Policy Research (FIPR)

Ross Anderson +441223 334733
Ross.Anderson@cl.cam.ac.uk

Föreningen för Digitala Fri- och Rättigheter (DFRI)

Andreas Jonsson +46 733755980
andreas@dfri.se

Initiative für Netzfreiheit

Josef Irnberger josef.irnberger@netzfreiheit.org
+43 (0) 699 10 47 88 31

La Quadrature du Net

Jérémie Zimmermann +33 615 940 675
jz@laquadrature.net

Liga voor Mensenrechten vzw

Caroline de Geest +329 223 07 38
Caroline@mensenrechten.be

Open Rights Group

Jim Killock +44 784498127
jim.killock@openrightsgroup.org

Panoptykon Foundation

Katarzyna Szymielewicz +48 692 404 096
katarzyna.szymielewicz@panoptykon.org

Privacy International

Anna Fielder +44 20 7242 2836
anna@privacy.org

VIBE - Verein für Internet-Benutzer Österreichs

Andreas Krisch +43 1 480502511
andreas.krisch@vibe.at

Vrijschrift

Walter van Holst
walter.van.holst@xs4all.nl

October 16 2013

Reclaim Control Over Your Data!

Paris, 16 October 2013 – Few days before a crucial vote on the protection of our privacy, citizens supported by La Quadrature du Net start a campaign and information website: reclaimyourdata.eu. This site clearly shows the issues of this Regulation and proposes solutions to allow citizens to reclaim control over their personal data.

Next 21 October, the “Civil Liberties” committee (LIBE) of the European Parliament will vote on the future European Regulation on the protection of our personal data. The outcome of this vote will determine the content of the law protecting the privacy of European citizens against predatory behaviours of the Internet giants and the rise of global surveillance. Few days before this vote, the website reclaimyourdata.eu aims at clearly explaining the main issues of this Regulation and at proposing tutorials allowing citizens to try to reclaim control over their data by themselves.

La Quadrature du Net invites all citizens which want to take part in the debate to get informed and contact the Members of the “Civil Liberties” (LIBE) Committee and ask them to demand an open debate and the establishment of solid protections of their privacy. To do that, the association provides the PiPhone, a web tool allowing everyone to call MEPs free of charge and make their voices heard.

Act now !

October 14 2013

[Video] Will EU Parliament Sacrifice our Privacy for Electoral Reasons?



La Quadrature du Net calls on all citizens to contact Members of the European Parliament to urge them to refuse this obscure hijacking of this democratic debate. Ask LIBE members to refuse a 1st reading agreement with the Council, and guarantee a proper public debate for strong Data Protection!

For more information, see: https://www.laquadrature.net/en/will-eu-parliament-sacrifice-our-privacy...

Download and watch the video on our mediakit: http://mediakit.laquadrature.net/view.php?full=1&id=1189

Will EU Parliament Sacrifice our Privacy for Electoral Reasons?

Paris, 14 October 2013 – A crucial vote for EU Citizens fundamental right to privacy will take place on October 21st, in the “Civil Liberties” committee (LIBE) of the European Parliament. The future of the EU Regulation on the protection of individuals to the processing of their personal data will be decided by a vote on “compromise amendments”1. The rapporteur seems willing to request a mandate to enter closed-doors negotiations to severely cut short any chance of public debate. La Quadrature du Net calls on all citizens to contact the members of the LIBE committee to urge them to refuse this obscure hijacking of the democratic debate.


Call your MEPs now!

The rapporteur Jan Philipp Albrecht (Germany - Greens/EFA) may be about to request from the members of “Civil Liberties” committee (LIBE) a mandate for interinstitutional negotiations (trilogue). This mandate is de facto an official permission for the European Parliament to enter closed-doors negotiations with the European Commission and Member States, shortening the debate over the Regulation to only one reading2. This is especially alarming in the context of recent revelations by Edward Snowden, showing how much citizens' personal data and communications are being endangered by practices of states and corporations alike.

In pre-electoral context3, the main objective of the negotiating team4 in this manoeuvre seems to be able to boast about this Regulation being the best achievement ever reached in the field of data protection, even if that is yet far from the case and could even get worse5.

As things stand, allowing rapporteur Jan Philipp Albrecht to carry forward negotiations to compromise on a final text comes down to allowing the European Parliament and Member States to rewrite the Regulation without any actual public scrutiny (especially as the first four committees that have given their opinion on the text did so before Snowden's revelations). In doing so, Members of the European Parliament would avoid the heat of having this huge and controversial dossier still open during the electoral campaign and elections of 2014, but at the unacceptable price of completely shutting down the necessary public debate, therefore the general interest and defense of European citizens.

By refusing to grant such a mandate for closed-door negotiations, Members of the European Parliament would retain an opportunity to amend the text before the 1st reading vote in Plenary, and to make the text even better in 2nd reading. Betting now that compromise amendments will be acceptable, would ignore the very high risk that a last minute event turns the Regulation into exactly what giant corporations want: an open-bar to collect all of EU citizens data, without any constraint.

“Such an attempt to sacrifice a transparent debate to make the Regulation more effective at protecting our privacy for electoral purposes is a dishonor to democracy! Citizens need effective legal tools to regain control over their personal data in the face of the predatory behaviors of giant companies whose business models are based on collecting everyone's data, favouring the rise of global surveillance. Such legal empowerment cannot be achieved without a proper public debate.” concluded Jérémie Zimmermann, spokesperson for citizen advocacy group La Quadrature du Net.

Citizens must contact members of the LIBE committee, and especially the rapporteur Jan Philipp Albrecht to urge them to refuse a 1st reading agreement with the Council and guarantee a proper public debate that will go to the full-length of what the EU procedure allows. As a citizen platform, La Quadrature du Net provides the PiPhone, a web tool allowing to call MEPs free of charge:

Act now!

  • 1. "Compromise amendments" stand for a package of amendments negotiated between political groups, before the official vote of the draft report in the committee responsible. The aim is to cover and replace the amendments tabled at the given stage of the procedure, in order to compromise on a common text geared to resolve the existing conflicts. If the negotiating team reaches an agreement, MEPs – sitting in the responsible committee – vote only on the compromise amendments, avoiding a long review of those amendments originally tabled. However if variances between political groups cannot be completely smoothened, MEPs can decide, at eleventh hours, not to vote on compromise amendments, but on the original ones.
  • 2. The rapporteur will ask the members of the LIBE committee – on the basis of Rule 70 of the Rules of Procedure of the European Parliament – for a mandate to enter in interinstitutional negotiations, taking the form of tripartite closed-doors meetings between the European Commission, the Council (ministers from the Member States) and the European Parliament, generally geared to adopt the act at an early stage of the procedure.
  • 3. Next elections will take place in May 2014
  • 4. Jan Philipp ALBRECHT (Greens/EFA), Sarah LUDFORD (ALDE), Axel VOSS (EPP), Dimitrios DROUTSAS (S&D), Alexander ALVARO (ALDE), Timothy KIRKHOPE (ECR), Cornelia ERNST (GUE/NGL)
  • 5. At this point, European citizens do not have any assurance with regards to the Parliament's position on data protection. The tremendous lobbying efforts by Internet giants and the resulting 4000 amendments – a record for the Parliament! – tabled so far, make the global understanding of what the future text could look like and its potential consequences highly blurry and tangled.

October 09 2013

Snowden Should Get the Sakharov Prize

Open letter by 23 European organisations in support of Snowden's nomination for the Sakharov prize

Today, 23 European non-governmental organisations released an open letter to the Conference of Presidents of the European Parliament in support of Edward Snowden's nomination for the Sakharov Prize for Freedom of Thought 2013:

Dear Presidents,

We write to you on behalf of 23 European non-governmental organisations protecting fundamental rights, including the freedom of expression and information, to lend our support to the selection of Edward Snowden for the Sakharov Prize.

Edward Snowden’s recent disclosures have triggered a necessary and long-overdue public debate in the United States and beyond about the acceptable boundaries of surveillance in a democratic state and about the legitimacy and proportionality of counter-terrorism intelligence activities. The revelations also have prompted debates in the European Union.

The Sakharov Prize for Freedom of Thought was established to recognise individuals actively working to defend human rights and fundamental freedoms, in particular the right to freedom of expression. We believe that by his personal example, Snowden meets these criteria. His nomination to the Prize is in itself a contribution to the development of democracy and the rule of law in the European Union, in particular with regards to the protection of whistleblowers. It also sends a message of respect for international law. Awarding the Prize to Snowden would give a clear signal to the world that the EU values and protects those who are attacked for speaking out on violations of human rights. Daniel Ellsberg and earlier NSA whistleblowers have praised Snowden's actions. We are convinced that Andrei Sakharov would have done the same.

Sakharov – a nuclear physicist turned opponent of a repressive state – used his position in national security and defence to raise concerns about the preservation of human rights. Similarly, Snowden used his professional knowledge to draw attention to abuses of the fundamental rights of individuals and their effect on entire societies. In their transition from state servants to citizens' rights advocates, both men became dissidents, in the full knowledge of the likely cost of this action to them. It is the moral duty of the European Union to acknowledge a man who bravely stood up for our basic human rights, anticipating the cost that his action would have for his personal liberty. We are fully aware that all shortlisted candidates fully deserve their nomination and we understand that the choice is difficult. However, not all candidates are in the same position. Other nominees have already been provided with many other awards and are less controversial, as their activism is directed against totalitarian regimes.

When deciding the winner of the Sakharov Prize, please remember that Snowden has shown to the world that blanket and unaccountable surveillance is not limited to dictatorships, but that democracies can also undermine citizens' fundamental freedoms. Please also keep in mind that one of the few things the European Union can do right now is to support Edward Snowden.

Snowden’s actions represent a challenge to unfettered state power at the global level, and without regard to conventional and simple nationalist dynamics. An award would point the way towards safeguarding activism without borders in a networked world. So far Edward Snowden has received neither recognition for his courageous deeds nor support from the European Union collectively, from any individual Member State or from any single European institution.

As European citizens we believe that the Sakharov Prize would be the best way to change this undesirable state of affairs. Therefore we strongly encourage you to award the Sakharov Prize to Edward Snowden in honour of his courage and commitment to values that the Prize represents.

Sincerely yours

  • Alternative Informatics Association (Turkey)
  • ApTI (Romania)
  • Arbeitskreis Vorratsdatenspeicherung (Germany)
  • ARTICLE 19 (International)
  • Bits of Freedom (The Netherlands)
  • Chaos Computer Club e.V. (Germany)
  • DFRI (Sweden)
  • Digitalcourage (Germany)
  • Digitale Gesellschaft (Germany)
  • Electronic Frontier Finland
  • European Digital Rights (EDRi) (Europe)
  • Foundation for Information Policy Research (UK)
  • Initiative für Netzfreiheit (Austria)
  • Internet Society (Poland Chapter)
  • IT-Political Association of Denmark
  • Iuridicum Remedium (Czech Republic)
  • La Quadrature du Net (France)
  • Modern Poland Foundation (Poland)
  • Net Users' Rights Protection Association (NURPA) (Belgium)
  • Open Rights Group (UK)
  • Panoptykon Foundation (Poland)
  • Transnational Institute (The Netherlands)
  • Vrijschrift (The Netherlands)
Reposted bycheg00 cheg00

May 22 2013

Privacy Alert #1: Explicit Consent, the Cornerstone

This analysis is a part of a series.

Paris, 22 May 2013 — When you are browsing the web, can you say who collects information about you, what is the nature of that information and who may access it? Can you control who may know what about you? The European Commission intended to give you the power to do so, but European Parliament may vote otherwise, under pressure by corporate lobbies.

With the development of the data industry, citizens' control over their personal information has progressively decreased, while their fundamental right to privacy cannot be respected if they do not have proper legal instruments to protect their privacy themselves. But protection of privacy is not the only issue: this lack of control leads to a lack of trust that already damages both freedom of expression1 and growth of Internet services2.

To address this critical situation, the EU Commission proposes to give citizens actual control over their personal data by setting a simple principle: users must give their explicit consent for each collection, processing or trading of information related to them.

The issue

To better understand the sense of the European Commission Proposal, let's go back to the current European legislation – the outdated 1995 Directive – where consent does not have to be “explicit” but merely “unambiguous”3. What is an “unambuguous consent”? The meaning of such a vague definition “is often misunderstood or simply ignored”, as deplored by the Article 29 Working Party4, a European body gathering the data protection authorities of each Member State. An “unambiguous consent” can be considered as given when users, informed of the processing of their personal data, do not oppose it. However, since the current legal framework does not force companies to ensure users are effectively informed, most companies are not particularly enthusiastic about disclosing what data they collect, for what purpose, in a visible, accessible and handy way.

As a result, users are not aware of most of the processing their personal data undergo: in practice, would they want to, they would not be able to oppose such processing.

Take Amazon for instance. When you look at an item on its website, your visit is saved by the company in order to suggest you similar products:

Amazon recommendation based on browsing history

Although the caption “recommended based on your browsing history” shows an undergoing processing of some of your personal data, you don't know that Amazon is collecting in fact much more data than your viewed items, even if it is your very first visit and you are therefore not even logged in:

Personal data collected by Amazon

This information is only accessible on the very bottom of the website's pages:

Link to the Amazon Privacy Notice

As for Google, it does not indicate at all that it collects, stores and processes information on whatever request you make or website you visit. You can only know that by looking for Google's privacy policy page:

Personal data collected by Google

The Commission's Proposal

The Proposal made by the European Commission would radically change this situation by introducing the principle of user's explicit consent. This would require citizens' consent to be expressed “either by a statement or by a clear affirmative action”5, and for each and every purpose companies intend to collect their data. “Informed silence” could not be considered as consent anymore. Companies shall then have to actively seek users' consent, which means no personal data could be processed until users have been really and directly informed. If adopted, the Proposal would ensure that nothing happens out of users' sight and control.

To that respect, some good practices already exist and may provide clear examples of what “explicit consent” can be on the Internet. Web browsers such as Firefox and Chrome already require your explicit consent before sending information on your geographic location to a given website.

Consent request on Firefox for geolocation
Consent request on Firefox. Try it yourself by clicking on 'Give it a try!' on the top of this Mozilla page.

This ensures that, for every processing, you are really informed on what is collected and, thus, have truly given your consent. Then, if you want, you can also simply choose to “always agree” that the website you are visiting may collect your geographic location again without having to ask for your consent.

Even if the concept of that “request box” is largely perfectible – as it does not indicate how your data will be used and who may access them – it shows, at least, the kind of control we would have over our data if the explicit consent requirement was adopted.

Internet giants' recommendations

Users' control seems to be problematic for Internet giants whose profits largely depend on the amount of personal data they collect. They dread a greater control by users, which for them would equate with less data processed. It also shows how these companies deal with our privacy: if their activity was really respectful of our private life, why should they fear us not giving our consent? Requiring an explicit consent would only harm those businesses which do not respect our privacy. The other ones, by contrast, could only capitalize the gain of confidence resulted from a real users' control.

Google, Facebook, Microsoft, Amazon and eBay unanimously asked MEPs to withdraw explicit consent from the Regulation6. Their main argument is that users “demand Internet services that are fast, easy-to-use and efficient [therefore, systematically requiring an explicit consent would] lead users to opt in as a matter of routine”, “as a consequence of consumers being overloaded with consent requests”.

But, since asking for their consent is the only way to guarantee users are truly warned of every processing their personal data undergo, there can not be too many consent requests. Whoever opts in “as a matter of routine” would still be warned of processing while we currently rarely are.

In addition, once they have agreed that a website may process some of their data for a specific and clear purpose, users would not have to consent to further processing pursuing the exact same purpose7. Thus, stating that consumers would be “overloaded with consent requests” is simply wrong. In practice, users may generally only be asked once, if any, when visiting a website for the first time, and/or when using new features and functionnalities of the service for the first time.

MEPs' proposals

Malcolm HARBOUR
Malcolm HARBOUR (UK/ECR),
Chair of the IMCO Committee

The “Consumer Protection” (IMCO) and the “Industry” (ITRE) Committees have followed Internet giants' recommendations and voted against the explicit consent requirement. IMCO proposed to make consent's explicitness dependent on “the context”, which is as vague and dangerous as requiring an “unambiguous” consent8; while ITRE Committee simply proposed to keep the same “unambiguous consent” required by the 1995 Directive9.

Those two opinions seem to have had a major impact on the debate since seven amendments have been tabled in the The “Civil Liberties” (LIBE) Committee, by seventeen MEPs, to propose the withdrawal of the explicit consent requirement from the Regulation10. Which proves those LIBE members, mainly liberals and conservatives, do not want to give users control over their data.

Today, it appears that most of MEPs are against the explicit consent principle, deceived by hundreds of lobbyists, and will not change their mind unless we do mobilize and act now.

What you can do

Manifestation anti-ACTA
Manifestation anti-ACTA

First of all, you should use only software and services you can trust. Choose free-as-free-speech software, and host your own services as much as possible. Many tools, such Tor11, DuckDuckGo12, or browser add-ons such as NoScript or HTTPS Everywhere, allow you to replace, circumvent and block Internet services trying to collect your personal data.

Unfortunately, these solutions will never be enough to fully protect your privacy, as they are not installed by default, require effort, and are sometimes perceived as complex to use. So, we have to act to ensure real protection of citizens' privacy on the future regulation: write or call your representatives now – their voters' concerns and defense of fundamental freedoms should always weigh more than Internet giants' economic interest –, share this article, write some about your thoughts on data protection, talk about it around you, or invent something else using images, video, sound, etc. Now is time to Act! The LIBE members of different political groups have already started seeking compromises on this very issue: we must contact them before they agree on the worst amendments.

  • 1. The UNESCO published in 2012 a "Global survey on Internet privacy and freedom of expression", which starts by: “The right to privacy underpins other rights and freedoms, including freedom of expression, association and belief. The ability to communicate anonymously without governments knowing our identity, for instance, has historically played an important role in safeguarding free expression and strengthening political accountability, with people more likely to speak out on issues of public interest if they can do so without fear of reprisal.”

    What has always been true about governments' surveillance may now stand for private surveillance. May people really speak freely if any company, or anyone, can know who they are or access any other sensitive information related to them?

  • 2. A report by the Boston Consulting Group showed that “the value created through digital identity can indeed be massive: €1 trillion in Europe by 2020 [but that] two-thirds of digital identity’s total value potential stands to be lost if stakeholders fail to establish a trusted flow of personal data”.
  • 3. 1995 Directive:
    Article 2 - Definitions
    (h) 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.
    Article 7
    Member States shall provide that personal data may be processed only if:
    (a) the data subject has unambiguously given his consent; or [...]
  • 4. Opinion of the Article 29 Data Protection Working Party on the Definition of Consent (2011):
    'This Opinion is partly issued in response to a request from the Commission in the context of the ongoing review of the Data Protection Directive. It therefore contains recommendations for consideration in the review. Those recommendations include:
    (i) clarifying the meaning of “unambiguous” consent and explaining that only consent that is based on statements or actions to signify agreement constitutes valid consent;
    (ii) requiring data controllers to put in place mechanisms to demonstrate consent (within a general accountability obligation);
    (iii) adding an explicit requirement regarding the quality and accessibility of the information forming the basis for consent, and
    (iv) a number of suggestions regarding minors and others lacking legal capacity.'
    'The notion of unambiguous consent is helpful for setting up a system that is not overly rigid but provides strong protection. While it has the potential to lead to a reasonable system, unfortunately, its meaning is often misunderstood or simply ignored.'
    'Clarification should aim at emphasizing that unambiguous consent requires the use of mechanisms that leave no doubt of the data subject’s intention to consent. At the same time it should be made clear that the use of default options which the data subject is required to modify in order to reject the processing (consent based on silence) does not in itself constitute unambiguous consent. This is especially true in the on-line environment.'
    'The Council Common Position10 in 1995 introduced the final (today's) definition of consent. It was defined as "any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed". The main change from the 1992 Commission position involved deleting the word "express" that had preceded the word "indication". At the same time, the word "unambiguous" was added to Article 7(a), so it reads as follows: "if the data subject has given his consent unambiguously".'
  • 5. Data Protection Proposal Regulation
    Article 4 - Definitions
    8. 'the data subject's consent' means any freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.
  • 6. Read internet giant's recommendations send to MEPs against explicit consent on La Quadrature's wiki. You may also read many other documents send by lobbies to MEPs about this Regulation.
  • 7. La Quadrature du Net will publish a dedicated Privacy Alert on this very subject.
  • 8. Read our reaction to the 23 January IMCO's vote.
    IMCO's opinion: amendment 63
    Article 4 - Definitions
    8. ‘the data subject's consent’ means any freely given indication that must be specific, informed and as explicit as possible according to the context, of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, explicitly whenever the data referred to in Article 9(1) are to be processed, signifies agreement to personal data relating to them being processed;

    (How to read an amendment: added to the initial text / deleted from the initial text)
  • 9. Read our reaction to the 21 February ITRE's vote.
    ITRE's opinion: amendment 82
    Article 4 - Definitions
    (8) ‘the data subject's consent’ means any freely given specific, informed and explicit unambiguous indication of his or her wishes by which the data subject , either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed. Silence or inactivity does not in itself indicate consent ;

    (How to read an amendment: added to the initial text / deleted from the initial text)
  • 10. Amendments 757, 758, 760, 762, 764, 765 & 766, tabled in LIBE by:
    Lidia Joanna Geringer de Oedenberg (S&D - Poland)
    Adina-Ioana Vălean (ALDE - Romania)
    Jens Rohde (ALDE - Denmark)
    Louis Michel (ALDE - Belgium)
    Sarah Ludford (ALDE - United Kingdom)
    Charles Tannock (ECR - United Kingdom)
    Timothy Kirkhope (ECR - United Kingdom)
    Axel Voss (EPP - Germany)
    Seán Kelly (EPP - Ireland)
    Wim van de Camp (EPP - Netherlands)
    Hubert Pirker (EPP - Austria)
    Monika Hohlmeier (EPP - Germany)
    Georgios Papanikolaou (EPP - Greece)
    Véronique Mathieu Houillon (EPP - France)
    Anna Maria Corazza Bildt (EPP - Sweden)
    Agustín Díaz de Mera García Consuegra (EPP - Spain)
    Teresa Jiménez-Becerril Barrio (EPP - Spain)
  • 11. Tor is a free software and an open network that helps you protect yourself against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
  • 12. DuckDuckGo is an Internet search engine that uses information from crowdsourced websites such as Wikipedia to obtain its results. The search engine policy says that it protects privacy, and does not record user information.

May 07 2013

Privacy Alert: #0 Introduction

Paris, 7 May 2013 — For more than a year, the EU Parliament have been examining the Proposal for a Regulation of the EU Commission aimed at reforming the European data protection legal framework. Until now, the parliamentary committees examining the Proposal have so far proposed to restrict the protections of our fundamental right to privacy. As a crucial vote is approaching1 in the “Civil Liberties” (LIBE) Committee, La Quadrature du Net launches a series of analysis dealing with key points, stakes, development and threats of the reform.

Viviane Reding
Viviane Reding

In the face of the development of dangerous practices to the detriment of our privacy, in January 2012, the EU Commission introduced a Proposal for a Regulation – meant to reform the 1995 Directive – intended to supervise collection, processing and trade of European citizens' personal data. This Regulation, which should come into force in 2015, will be immediately enforceable in all EU Members States and will replace every current national law relating to this matter2. As proposed by Viviane Reding, Commissioner for Justice, Fundamental Rights and Citizenship, it could constitute a real advance for the protection of our privacy.

If the Regulation was adopted as it stands, it would;

  • allow to significantly strengthen citizens' rights, businesses' obligations and powers of supervisory authorities, such as the CNIL3 in France;
  • define a wider scope for this legal framework, which would apply to any companies – regardless of its geographical location – monitoring the behavior of European citizens or offering them goods or services.

An unprecedented lobbying campaign

In response to the proposal of the EU Commission, powerful companies, mainly based in United States (banks, insurances and Internet services), have led an unprecedented lobbying campaign4. Their goal is to make withdraw from the final version of the Regulation those proposals aimed at protecting citizens' personal data. As the Internet website LobbyPlag has clearly showed, some key MEPs have directly cut and pasted those requests made by US lobbies in their amendments.

Lobbyplag

Four committees5 of the EU Parliament have already given their opinion about modification to be made to the Proposal. Directly influenced by lobbies, they have all voted to weaken of the data protection legal framework and to limit companies' obligations with regards to the personal data they collect.

However, those opinions have a mere consultative value, which means the situation can still be reversed. The amendments the EU Parliament will adopt during the plenary session at the end of the year shall be previously adopted by the MEPs sitting in “Civil Liberties” (LIBE) Committee during a voting session which should likely take place before the end of June.

Act now!

Before this vote, we have to make certain that LIBE MEPs will not break under lobby pressure, like their colleagues in committees for opinion. We need guarantees regarding the efficient implementation of the regulation and on the other good points proposed by the EU Commission, rather than shattering them. As from now and until the vote, EU citizens must contact their MEPs to lay claim to a real protection of their fundamental right to privacy. As the ACTA rejection demonstrated last summer, citizens' calls for protecting the general interest rather than the private interest of the few can be heard by MEPs, as long as the citizen mobilization is significant, sustained and relayed enough.

In order to allow everyone to seize the stakes and key points of the debate, La Quadrature du Net is starting the release of a series of analysis focused on the major aspects of the Proposal. Each analysis will illustrate how the proposals made by the EU Commission would represent a real improvement of the current legal framework, why big companies are opposing to them and what positions MEPs set so far.

To get more information and discuss this, you can visit our forum.



Privacy Alert: #1 Explicit consent

The first analysis (coming soon) of the series will address the “explicit consent” issue and its importance for the control over our personal data.

  • 1. The LIBE committee vote was scheduled for 29-30 May but should finally take place before the end of June.
  • 2. The European Commission is the European Union institution detaining the right of legislative initiative. The European Parliament and the Council of the EU (composed by ministers of each Member State) can amend the legislation proposed by the Commission, which may come into force if they manage to agree on a text.

    Two kind of legislative acts can be adopted through this process: directives, setting principles and purposes each Member State must implement into its national law, and that may require to pass a new law; or regulations, which are immediately enforceable in all Member States simultaneously.

    The choice of a Regulation seems to be the better one to regulate personal data flow on Internet which is cross-border by nature. Indeed, the current European law – the 1995 directive – suffers from disparate implementations and interpretations among Member States, which some companies are playing on.

  • 3. The Commission Nationale de l'Informatique et des Libertés (National Committee for Information Technologies and Liberties) is a French independent administrative authority. It is in charge of monitoring Internet for online services to be at citizens' service and they do not threaten neither human identity, nor privacy, nor individual and public liberties, nor any other Human Rights.
  • 4. See La Quadrature's wiki page listing many documents sent to MEPs by private companies.
  • 5. Before voting in plenary session, MEPs work within committees, each dealing with specific issues (civil liberties, employment, agriculture…) and gathering a few dozen of MEPs. Those committees examine legislative bills proposed by the EU Commission and table amendments the whole Parliament votes during the plenary session.

    The “Consumer” (IMCO), “Employment” (EMPL), “Industrie” (ITRE) and “Legal Affairs” (JURI) Committees have all proposed amendments to the “Civil Liberties” (LIBE) Committee, which is in charge of drafting the report the Parliament will vote on.

    Visit La Quadrature's wiki for a precise analysis of the most dangerous amendments proposed by those committees: IMCO; ITRE; JURI.

April 24 2013

Regulation Set To Strip Citizens Of Their Right To Privacy

Paris, 25 April 2013 — A coalition of international and european organisations, including Access, Bits of Freedom, Digitale Gesellschaft, EDRI, La Quadrature du Net, Open Rights Group, and Privacy International, release a commun campaign and website, nakedcitizens.eu. The site allows concerned citizens to contact their representatives in the European Parliament to urge them to vote in a way that ensures the protection of their fundamental right to privacy.

Regulation Set To Strip Citizens Of Their Right To Privacy

Civil rights groups urgently demand that Members of the European Parliament protect the privacy of their citizens

Since revisions to the EU legal framework on data protection were proposed, there has been an unprecedented level of lobbying by corporations and foreign governments. The European Parliament is considering dangerous amendments to the Commission's proposals. These amendments would strip citizens of their privacy rights, according to a report from a coalition of civil rights groups. The report bases its findings on the analysis of nearly 4000 proposed amendments currently discussed in the European Parliament.

“Without effective privacy protection, our personal lives are laid bare, to be used and abused by business and governments.” says Joe McNamee of European Digital Rights and spokesperson of the coalition. “We urge Members of the European Parliament to put citizen's rights first and vote against these harmful proposals.”

In view of the final vote in the Civil Liberties Committee of the European Parliament on the Data Protection Regulation set for the 29th of May, the civil society coalition report highlights the five worst amendments to the Data Protection Regulation as proposed by Members of the European Parliament.

The Regulation proposed by the European Commission seeks to update and modernise the rules to suit the digital age, and provide citizens with greater control over their personal data. Excessive lobbying by large corporations and governments now means that this reform risks destroying the current legal framework.

Today's digital citizens need to be able to trust the online services they use. The exceptionally low levels of trust shown in both European and US consumer surveys are simply unsustainable for both citizens and business. Trust needs to be rebuilt by giving people back control over their own data through the right:
(1) to access and delete their own data,
(2) to move their data easily from one service to another,
(3) to know that consent to use their data for one purpose is not abused by companies which subsequently use the data for unrelated purposes,
(4) to know that their data is protected from foreign governments,
(5) to know that, if there is a security breach of their data, the company responsible is obliged to inform them.

To get more information and discuss this, you can visit our forum.

March 19 2013

Will You Let Protection of Your Data Go Down the Drain?

Brussels, 19 March 2013 — The “Legal Affairs” (JURI) Committee, the fourth and last one on this matter, had just voted its opinion on the European Commission's proposal of data protection regulation, led by Marielle Gallo (France - EPP). With this latest opinion vote, slightly less catastrophic than the previous ones, the European Parliament weakened once again the protection of citizen's personal data. Members of the four committees who gave their opinion chose to side with giant US corporations such as Facebook and Google that collect, process and trade data about our everyday life. Citizen mobilization is slowly starting to bear fruit, yet it must be tremendously amplified before the crucial vote of the main “Civil Liberties” (LIBE) Committee -scheduled for 24-25 April, but likely to be postponed- on its report.


Marielle Gallo

Once again, Marielle Gallo (France - PPE) chose to protect business interests rather than citizens' rights, and led the “Legal Affairs” (JURI) Committee to vote an opinion weakening the initial proposal by the European Commission to protect citizens' privacy. Amendments by Marielle Gallo and her conservative colleagues (helped by most Members of the liberal (ALDE) group) call for instance for allowing companies to process citizens' personal data and transmit them to third parties who can do whatever they want with them, if they claim it is their “legitimate interest”1. Some other adopted amendments call for the processing of data for uses incompatible with the original data collection2 and introduce all kinds of loopholes.

Thus, this vote follows the line of the “Consumers” (IMCO) vote of January, and of the “Industry” (ITRE) and “Employment's” (EMPL) votes of February, which already include most of the demands of the industry lobbies and jeopardized the protections initially laid down by proposal of the European Commission.

Still, all previous votes including this one were only opinion votes, with no legislative value. The next vote in the main “Civil Liberties” (LIBE) Committee, scheduled for the end of April, but likely to be postponed, will be the real decisive step that will determine if the EU will allow a full control of their personal data by citizens or a US-like regime where corporations can do anything they want, and process, store, sell citizens data without any constraint.

Yet, today's vote was slightly less catastrophic than previous ones, demonstrating that the Members of the European Parliament may be sensitive to the citizen mobilization and pressure from the media, and that they will only protect our right to privacy if we push them hard to do so. Before the LIBE vote, citizens must mobilize and contact their MEPs.

“Crucial stakes about our privacy and the future of online economy will be played in the main 'Civil Liberties' Committee. By increasing pressure on their elected representatives, citizens can put them in front of their responsibilities and impose that Facebook, Google and such gigantic corporations are not given an 'open bar' access to their personal data. We must retain control of our data, as it is our way to keep control of our lives online. All we be played between now and the upcoming European elections.” concluded Jérémie Zimmermann, spokesperson for citizen advocacy group La Quadrature du Net.

To get more information and discuss this, you can visit our forum.

March 11 2013

Data Protection: Last Opinion Vote in JURI on 19 March

Paris, 11 March 2013 — Revision of the European Data Protection Regulation is ongoing and the “Legal Affairs” (JURI) Committee will vote on its opinion on 19 March. Unfortunately, there are strong indications that JURI will vote in the same way as the previous committees and weaken the protection of EU citizens' privacy against corporations that collect, process and trade their personal data. With only one week left before the vote, citizens must act urgently and contact their members of the European Parliament (MEP).


Marielle Gallo

Following the votes in the “Consumers” (IMCO), “Industry” (ITRE) and “Employment” (EMPL) committees, members of the “Legal Affairs” (JURI) committee will vote on the 19 of March on their opinion on the revision of the Data Protection Regulation. This is the last opinion vote before the main, crucial vote1, on “Civil Liberties” (LIBE) report. The “Legal Affairs” (JURI) Committee, led by Marielle Gallo (France - EPP) – notorious for being one of ACTA's main proponents – is likely to vote in the same way that the three previous committees, weakening the protection of EU citizens' privacy contained in the European Commission's initial proposal. For example, some amendments tabled on the draft opinion suggest reducing the scope of the definition of “personal data”, using the outrageous fallacy of “pseudonymous data”2, and reducing sanctions against violations of the Regulation3.

Some of the most dangerous measures proposed by JURI members are directly copy-pasted from industry lobbyists demands, as the lobbyplag.eu website shows. They would jeopardise the positive advances made by the European Commission's initial proposal, such as the requirement of an explicit consent by the user and the reinforcement of the data protection authorities' powers.

Before the 19 March vote, citizens must contact members of JURI and ask them to4:

  • Defend the principle of explicit and informed consent for specific collection and processing of data, no more, no less;
  • Protect all personal data and refuse the absurd concept of “pseudonymous” data to be used as a derogation to safeguards;
  • Give data protection authorities the necessary power to protect our rights;
  • Ensure that every breach of personal data is immediately notified to both relevant bodies and users, and severely sanctioned if caused by excessive negligence or done on purpose;
  • Preventing the use of profiling for taking decisions with a deep impact on our everyday lives.

Each of these concerns is, in fact, mostly addressed in the European Commission's initial proposal. We must ensure that MEPs don't get fooled by the industry's lobbies into introducing more loopholes to the protection of our privacy.

“After the industry had its way in each of the three previous committees, this vote in the ‘Legal Affairs’ Committee is our last chance to get an opinion calling for a better protection of our fundamental right to privacy before the vote of the main committee. These votes are only ‘opinions’, but their impact is not to be underestimated and they may weight on the ‘Civil Liberties’ Committee's report. Before the 19 March, we must act, and urge members of the European Parliament to protect the general interest!” concluded Jérémie Zimmermann, spokesperson for citizen advocacy group La Quadrature du Net.

To get more information and discuss this, you can visit our forum.

  • 1. The “Civil Liberties” (LIBE) Committee, led by Jan Philipp Albrecht (Germany - Greens/EFA), is the main committee working on the Data Protection Regulation. It will vote on its report on 24-25 April 2013, taking into account the opinions expressed by the IMCO, ITRE, EMPL and JURI committees. The final LIBE committee report will table the amendments the whole European Parliament will vote on during the first reading in plenary session, expected for the end of 2013.
  • 2. Marielle Gallo (France - EPP), Sajjad Karim (UK - ECR) and Klaus-Heiner Lehne (Germany - EPP) have proposed three identical amendments which are the verbatim copies of a measure proposed by both the American Chamber of Commerce (see page 11) and EuroISPA, the 'world's largest association of Internet Services Providers' (see page 2). These amendments dictate that data which are not directly collected or processed together with the name of the data subject may be collected or processed without the data subject's consent, even if these data are tied to an unique identifier (for behavioural targeting, for instance) or may afterwards be easily associated with the data subject (see studies on the matter).
  • 3. While the proposed Regulation currently dictates that fines may be imposed to anyone who breaks the Regulation, even for a single and negligent breach, Amendments 63 to 66 tabled by JURI's members propose that only repeated and deliberate breaches of the Regulation may lead to a fine.
  • 4. For a more detailed view on the JURI's amendments to reject and to support, see: https://www.laquadrature.net/wiki/Data_protection:_JURI_shortlist
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl