EDRi-gram newsletter - Number 11.14, 17 July 2013


The PRISM scandal gets bigger


Privacy campaigners have filed claims against Prism and Tempora, the US and British spy programmes that allow intelligence agencies to gather, store and share data on millions of innocent people.

Privacy International has submitted a claim to the Investigatory Powers Tribunal (IPT), hoping for a public hearing and early rulings, due to the seriousness of the issue. Privacy International’s statement refers to the Prism programme, which allows the NSA to intercept the communications of non-US citizens living outside America from global Internet companies such as Google, Facebook and Yahoo. It transpires that this information has been shared with the UK agency GCHQ. Privacy International also asks for a temporary injunction against the Tempora programme, which allows GCHQ to tap into the transatlantic fibre-optic cables used for telephone and Internet services and gather large amounts of sensitive data.

"If UK authorities are to be permitted to access such information in relation to those located in the UK in secret and without their knowledge or consent, the European convention on human rights (ECHR) requires there to be a legal regime in place which contains sufficient safeguards against abuse of power and arbitrary use. There is no such regime," says PI's statement.

Also, emails and phone calls made in the UK that pass electronically through the US can be intercepted by the NSA, which has access to these data as well. Moreover, the UK agency, by accessing the US programme, can "obtain private information about UK citizens without having to comply with any requirements of RIPA (the Regulation of Investigatory Powers Act)".

Privacy International intended to file the claim in the Administrative Court, which would have had public proceedings. They were however forced to file the claim with the IPT, a secret tribunal that does not make its proceedings public and does not have to give reasons for its decisions.

"One of the underlying tenets of law in a democratic society is the accessibility and foreseeability of a law. If there is no way for citizens to know of the existence, interpretation, or execution of a law, then the law is effectively secret. And secret law is not law. It is a fundamental breach of the social contract if the government can operate with unrestrained power in such an arbitrary fashion," said Eric King, head of research at Privacy International.

The civil rights group Liberty has also made a complaint to the IPT. The group believes its own electronic communications and those of its staff may have been unlawfully intercepted by the security services and GCHQ.

In the US, a broad coalition of organizations teamed up for a freedom of association lawsuit. The coalition filed a suit against the National Security Agency (NSA) for the violation of the First Amendment right of association by illegally collecting their call records. The coalition is represented by the Electronic Frontier Foundation (EFF), a digital rights group, also a member of EDRi, with years of experience in fighting illegal government surveillance in the courts.

To make things worse, the PRISM scandal continues after the Guardian revealed documents disclosed by former NSA employee Edward Snowden that appear to show that Microsoft collaborated with US intelligence services to allow users' communications to be intercepted, including helping the NSA to circumvent the company's own encryption.

The documents appear to show that Microsoft collaborated with the FBI and CIA and the material collected through Prism is shared by all three agencies. Skype was revealed as one source of information.

"This makes it clear that trusting Microsoft with your critical company data is downright negligent. In both the public and the private sector, those responsible for security and data protection urgently need to take action to protect their organisations, customers and clients," says Karsten Gerloff, President of the Free Software Foundation Europe.

In its statement to the Guardian, Microsoft said that its “compliance team examines all demands very closely, and we reject them if we believe they aren't valid”. The company also said that it only complies with “orders about specific accounts or identifiers” and “would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in (its) most recent disclosure clearly illustrate.”

The company added: “when we upgrade or update products, legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues.”

The US and UK are not alone in this electronic information gathering race. France is not that far behind. Le Monde has also revealed that the DGSE (Direction générale de la sécurité extérieure) systematically collects electromagnetic signals from computers and phones in France, including the traffic between French citizens and people abroad. Information from emails, telephone calls and access to Facebook or Twitter is then stored for long periods of time. The database can be accessed by all French intelligence services.

Revelations on French Big Brother (only in French, update 7.07.2013)
http://www.lemonde.fr/societe/article/2013/07/04/revelations-sur-le-bi...

NSA and GCHQ spy programmes face legal challenge (8.07.2013)
http://www.guardian.co.uk/uk-news/2013/jul/08/nsa-gchq-spy-programmes-...

Privacy International files legal challenge against UK government over mass surveillance programmes (8.07.2013)
https://www.privacyinternational.org/press-releases/privacy-internatio...

New Snowden leak: Storing your data at Microsoft is negligent (12.07.2013)
https://fsfe.org/news/2013/news-20130712-01.en.html

How Microsoft handed the NSA access to encrypted messages (12.07.2013)
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboratio...

Unitarian Church, Gun Groups Join EFF to Sue NSA Over Illegal Surveillance (16.07.2013)
https://www.eff.org/press/releases/unitarian-church-gun-groups-join-ef...

Data retention: "We ask the Court to rule in favour of Freedom"


On 9 July 2013, the European Court of Justice held a hearing before the Grand Chamber on the validity of the data retention directive (2006/24/EC). In line with the questions the involved parties received from the Court, the hearing focused on Art. 7 and 8 of the Charter of Fundamental Rights of the European Union.

The representatives of the parties who initiated the cases in Ireland and Austria, Digital Rights Ireland, Human Rights Commission Ireland, AK Vorrat Austria and an individual Austrian citizen argued that the data retention directive is incompatible with the Charter. There still is no evidence available, they argued, that the excessive collection of communication data is a necessary and proportionate measure for combating organised crime and terrorism in the EU. Furthermore, the data available proves that retained data is used for the investigation of crimes not foreseen in the directive, like theft, drug trafficking and stalking.

The lawyer of AK Vorrat, Ewald Scheucher, referred to the ruling of the German Constitutional Court, which stated that the cumulative effect of fundamental rights restrictions needs to be taken into consideration when judging the legitimacy of a single measure. Given the revelations regarding PRISM, this cumulative effect now clearly provides a different result than at the time when the German Court took its decision. Furthermore, he stated that the Austrian implementation of the directive clearly showed that a Charter-compatible national implementation of the data retention directive is not possible. This argument is bolstered by the fact that the main author of the Austrian implementation is among the 11 139 Austrian plaintiffs who challenged data retention before the Austrian Constitutional Court.

Mr. Scheucher closed his statement with the words: "We ask the Court to rule in favour of Freedom. Security already has enough advocates."

Following the statements of the plaintiffs, a number of member states and EU institutions were asked to deliver their answers to the questions of the court. Many of them referred to the evaluation report the Commission published in 2011. This was remarkable, as this report suffered itself from a lack of evidence as, amongst other shortcomings, many member states were unable to provide any statistically relevant data on the use of retained data for the purposes defined in the directive. On the contrary, it showed an excessive number of uses in Poland in the context of minor offences.

New statistical data were presented by the representative of Austria. He explained that between 1 April 2012 and 31 March 2013 retained data has been accessed by Austrian prosecutors in 326 cases. Out of these 326 cases, 139 are already closed. In 56 of these 139 cases, the data retained contributed to solving the case. The offences of these cases were: theft (16), drug offences (12), stalking (12), fraud (7), robbery (7) and others. Following an ad hoc question of a judge, it was further stated that none of the cases involved terrorism and that the question whether organised crime was involved needed further investigation.

The statements of the other member states followed the lines that data retention is necessary and proportionate, the opposition against data retention is caused by fears of data breaches (Ireland), the anonymity of the communication needs to be avoided (Spain), the ECJ should focus on the core contents of the directive and not on the room it leaves for the implementation by member states (Italy) and that anonymous uses – like prepaid mobile phones – are not damaging the value of data retention, as additional means like video surveillance can be used to identify individuals.

The representative of the European Parliament stated that the directive was valid and in line with the Charter. Being a directive harmonising the internal market, he argued, it only regulates the obligations of providers and does not deal with the law enforcement aspects, which need to be defined by the member states. This statement led to questions by one of the judges who wanted to know if it was due to the chosen legal basis that the protection of fundamental rights could not be regulated in more detail. This was confirmed by the EP representative, whereupon the judge asked whether the legal basis should rather be chosen based on the compliance with fundamental rights. The representative of the Parliament agreed but stated that while it was important to protect fundamental rights, it was not possible to do such regulation in an internal market directive.

The representative of the Council argued – like some member states before – that the use of retained data can only be judged in the context of national laws and that therefore the directive needed to be seen in isolation rather than in context of national implementations. The maximum retention period of two years also reflects the different traditions of member states and is needed to analyse the communication of terrorists in the context of bomb attacks.

Also, the representative of the European Commission argued that the directive was only about the obligation to retain data, while the use of the data needed to be regulated by the member states. Furthermore, the directive needed to be judged on the basis of the legal situation in 2006. Following this statement, a judge asked whether the position of the Commission was that the Charter was not applicable. This was denied.

Finally, the representative of the European Data Protection Supervisor delivered his statement. He stated that the necessity of data retention has not been proven and that no alternative, less intrusive measures have been evaluated. In addition, the directive was not sufficiently clear in limiting the purpose of the data processing. Furthermore the use of the retained data should not be left over to be regulated by member states without further guidance by the European legislator.

The hearing continued with a number of detailed questions by the judges which also included whether data retention could be lawfully outsourced to other data processors within the EU or in third countries. According to a report, 36 percent of the retained data is subject to outsourcing and the third largest provider is based in a third country operating on the basis of the Safe Harbor agreement. Being asked whether the national laws of third countries concerning the access to data by national authorities could negatively affect the lawfulness of the processing, the representative of the Commission could not answer immediately and he also failed to provide a clear answer to whether the websites accessed by users are to be retained on the basis of the directive.

The Advocate General will provide his opinion on 7 November 2013.

EDRi-gram 11.13: European Court of Justice data retention cases to be heard on 9 July (including the questions asked by the Court, 3.07.2013)
http://www.edri.org/edrigram/number11.13/ecj-data-retention-case-9-jul...

EDRi-gram 9.8: Top 10 misleading statements of the European Commission on data retention (20.04.2011)
http://www.edri.org/edrigram/number9.8/data-retention-evaluation

EDRi shadow data retention report (17.04.2011)
http://www.edri.org/files/shadow_drd_report_110417.pdf

Live-Ticker on the ECJ hearing on the data retention directive (only in German, 09.07.2013)
http://netzpolitik.org/2013/live-ticker-vom-eugh-verfahren-gegen-die-v...

(Contribution by Andreas Krisch - EDRi member VIBE!AT - Austria)

Austria: Outsourcing data retention obligations to the US


During the ECJ lawsuit against the data retention (DR) directive it became clear that DR obligations may have been outsourced to contractors, maybe even to US-based companies, thereby giving US authorities potentially unrestricted access to all such retained data.

Austria is one example of an EU member state with data retention in place. Therefore, the Austrian NGO Initiative für Netzfreiheit asked the national data protection authority (DPA) whether it could rule out that Austrian service providers have outsourced their DR obligations, maybe even to US-based contractors and storage locations.

The head of the Austrian DPA answered that they had no way of knowing whether Austrian service providers have outsourced their DR obligations at all, let alone to US based contractors. If DR obligations were outsourced to unsafe third countries, this would have to be registered with them. However, due to the safe harbor provision, US based companies that take part in it are exempted from the registration obligation.

The Austrian DPA has the authority and duty to ensure that appropriate security measures have been established for all DR obligations. For this purpose, the Austrian DPA also has the right to inspect the data centers where data retention occurs in order to be able to assess the effectiveness of the security measures in place. The Austrian DPA stated to the Initiative für Netzfreiheit that in over 15 months of the data retention being required by law they did not assess any data retention security measures at all but that they were planning to do so. Also, when asked if they thought that they could really get access to the datacenter of a US based service contractor, the DPA admitted that they had not thought of such a case yet and that they didn't think they could actually execute their inspection rights at US located data centers.

In summary, it has to be concluded that there is no way for the Austrian DPA to even know about US-based outsourcing of DR data handling. Nobody can rule out that Austrian service providers have outsourced their DR obligations and thus nobody can rule out that Austrian DR data are stored on servers in the US, thereby giving US authorities direct access to the DR data of Austrian citizens.

The Initiative für Netzfreiheit thus demands the immediate repeal of the data retention in Austria as well as the annulment of the safe harbor provision. "It is completely unacceptable that US services might have direct access to the location and connection data of Austrian citizens. This demands immediate action," says Josef Irnberger for the Initiative für Netzfreiheit.

"Not even the data protection authority can rule out direct access by US authorities to the data retention data of Austrian citizens, nor could they even rightfully demand access to US data centers. Seen alongside the blatant human rights violation created by the very existence of the data retention directive itself, this really takes the biscuit," added Josef.

Original press release (only in German, 11.07.2013)
https://netzfreiheit.org/2013/07/11/pressemitteilung-prism-vorratsdate...

ECJ data retention case - live blogging (only in German, 9.07.2013)
https://netzpolitik.org/2013/live-ticker-vom-eugh-verfahren-gegen-die-...

Safe harbor
https://en.wikipedia.org/wiki/Safe_harbor_%28law%29

(contribution by Josef Irnberger - EDRi member Initiative für Netzfreiheit - Austria)

Unanimous JURI vote on Collective Rights Management directive


The proposal from the European Commission for a Directive on collective management and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market (hereafter Collective Rights Management Directive) was a good start to put an end to some of the unreasonable practices by collecting societies around Europe.

On 9 July, the Legal Affairs Committee (JURI) voted on the report led by Marielle Gallo (EPP, France) amending the Collective Rights Management Directive. The report passed unanimously.

Broadly speaking, the final text brokered by Gallo represents an improvement on the original proposal from the European Commission. One of the main improvements is on the transparency of the collective management organisations (CMOs). The list of data that have to be public has been significantly extended, including the repertoires and rights managed, standard licensing contracts and applicable tariffs, a list of representation agreements and any information on works for which one or more rightholders have not been identified. This is a precondition to ensure fast, efficient and transparent licensing.

On licensing specifically and the relation between users and CMOs, EU case law on tariffs has been codified and the amendments to the text propose to speed up the process of granting licences, which would allow innovative services to emerge faster in the EU market, to the benefit of all stakeholders. The redistribution of the amounts collected to artists and creators should also happen faster. The rules will apply to all CMOs regardless of their financial situation or number of employees. The possibility for CMOs to limit the re-use of information has been deleted, which is very important to the much-needed freedom for content creators to change CMOs.

The bad news however is that the Committee has deleted some important provisions. References to the Services Directive (2006/123/EC) were deleted, which is likely to result in a long and tedious legal battle to clarify the situation, since there is no exception from competition law and the Treaties still apply. Much worse is that the Directive is essentially toothless now, as the provisions on sanctions have been deleted. While the individual freedom of artists to dispose of their work is clearly recognised in the text voted in JURI, this freedom is significantly weakened by the possibility offered to CMOs to determine rules preventing misuses of the right of artists to withdraw their rights or terminate their authorisation. It is difficult to imagine that such a rule will create harmonisation and it will definitely create legal uncertainty.

Finally, some parts constitute an improvement but they could have gone further. Collecting and keeping money collected by CMOs on orphan works is problematic. The European Parliament is trying to improve the situation by reducing the time the money can be kept and by putting rules into place to avoid misuse of this undistributed money. However, the idea of having a completely separate fund for this money has been rejected. Although JURI's vote to recognise non-commercial licences is a good first step, it falls short of a proper recognition of the artist's autonomy to choose a licence. According to the adopted text, CMOs will have to allow their members to grant non-commercial licences, but it is unfortunate that Ms Gallo's initial proposal to allow creators to have their rights managed on a per-work basis was not in the compromises. However, it seems that one of Mr Engström's (Greens) amendments, which was adopted, does offer this possibility to artists. Let's hope that this provision survives the final first reading vote in a European Parliament plenary session later this year.

While there are some very good amendments, there are also some bad ones and some which could have been better. However, in light of the tenor of many of the amendments she was faced with, the Rapporteur did quite a good job, and having a unanimous vote on a legislative copyright dossier is a rare achievement. The discussion is however not over, so let's just hope that the positive developments will be maintained.

The final report including the compromise amendments is not published yet.

Proposal for a Directive of the European Commission
http://ec.europa.eu/internal_market/copyright/docs/management/com-2012...

Draft Report from Marielle Gallo (EPP, Rapporteur on the file)
http://www.europarl.europa.eu/RegistreWeb/search/simple.htm?language=E...

Proposed amendments by the other members of the Legal Affairs Committee
http://www.europarl.europa.eu/RegistreWeb/search/simple.htm?language=E...

(Contribution by Marie Humeau - EDRi)

Finland: A new citizens initiative - Lex Snowden

On 8 July 2013, EDRi member Electronic Frontier Finland (Effi), with support from Avoin Ministeriö, submitted a citizens' legislative initiative, titled "Yes We Can - The law for safeguarding of freedom of expression and privacy internationally", to the Ministry of Justice. If the initiative collects 50 000 names (almost 1% of total population of Finland) within 6 months, the Finnish parliament is obliged to vote on the proposal. The initiative criminalizes spying on citizens, requires authorities and enterprises to report on the collection and utilization of citizens' data, and significantly enhances the protection of whistle-blowers in Finland.

Effi's vice chairman Ville Oksanen states: "We are tired of officials and especially politicians being totally inactive in these matters. Working groups and endless discussions are not going to solve the problem, they are just used to hide the matter from the public discussion. With this initiative we want to show that with sufficient political will it is possible to provide protection and significantly improve citizens' position against excessive surveillance." Oksanen continues: "Similarly, the initiative would address the gaps that prevent whistle-blowers, such as Edward Snowden, from gaining reliable protection in Finland."

The Lex Snowden initiative has three main elements. Firstly, it adds new articles to the Criminal Code to criminalize excessive surveillance of citizens. This crime would be defined as a so-called universal crime, which means it would be possible to prosecute in Finland even if the act had taken place in another country. Penalties would also be available against companies that participate in illegal surveillance: a Finnish court could impose a corporate fine, the amount of which would be a maximum of 25% of the company's total international revenue.

Oksanen comments: "It is of course clear that punishments on this basis would not be executed in the country doing the surveillance. Perpetrators of this act, however, could have difficulties travelling as, for example, an Interpol international warrant could have been issued for their arrest."

The second section substantially extends authorities' and telecom operators' liability to report their mass personal data collection, storage and use. At the moment, the Ministry of the Interior reports about data retention practices only to the EU Commission. Companies are not currently required to report about their respective data collection practices at all.

The third proposed change is the closure of the gaps in the legislation, revealed by the case of Edward Snowden, relating to the granting of protection for whistle-blowers. The proposal would make the extradition of whistle-blowers impossible. Also, they could no longer be prevented from obtaining an entry or residence permit.

Effi chairman Timo Karjalainen states: "Unfortunately, this legislative package is unlikely to assist directly the case of Edward Snowden. However, similar cases will surely occur again, so it is important to fix the law now." Karjalainen concludes: "In addition this proposed bill would make Finland a leading country in safeguarding digital rights and privacy. This would be a great selling point for Finland as a potential site for cloud services. Subscribers of cloud services certainly want to avoid countries where surveillance is rampant."

The draft law has gathered almost 1500 signatures after the first week.

Effi: Legislative initiative to protect privacy and whistle-blowers (8.07.2013)
http://www.effi.org/julkaisut/tiedotteet/pressrelease-2013-07-08.html

Effi’s campaign site for the Lex Snowden
http://snowden.effi.org/?page_id=2

Draft law on Citizens initiative website (only in Finnish)
https://www.kansalaisaloite.fi/fi/aloite/442

(Contribution by EDRi member Electronic Frontier Finland)

The French three strikes system gave up on Internet disconnection


The French three strikes law, known as Hadopi, has for years generated debate and controversy, primarily because it allowed for the disconnection of the Internet connections of individuals deemed to have illegally downloaded copyrighted material. Now, however, there is a slight ray of sunshine in the matter. The French Government has given up on this approach.

On 9 July 2013, a decree was published eliminating the possibility to cut off users’ connections for alleged copyright infringement. An automated fine system will now be applied to those allegedly infringing the copyright law.

In June 2013, a nine-member panel led by former Canal Plus chairman Pierre Lescure issued a report on policies for the entertainment industries in the digital age which concluded, among other things, that the three strikes system had not delivered the results promised by the government. The panel recommended that Internet disconnections for infringers should be given up.

The measure will be replaced by a “five-class” fine, meaning a fine of 1500 Euro which could go even up to 3000 Euro in cases of continuous infringing “when the regulations allow it.” According to the Minister of Culture Aurélie Filippetti, this imposition of the fine will be at the decision of a judge who is the only authority to “decide upon the relevance and amount” of the fine. Hadopi, the independent authority, will disappear. That could be also good news. But not really, since the three strikes warning system will continue as a “pedagogical” measure and will be operated by Audiovisual Regulatory Authority - CSA (Conseil supérieur de l’audiovisuel).

Meanwhile, Ireland is heading in a different direction. On 3 July 2013, the Irish Supreme Court backed a “three strikes and you’re out” agreement, upholding a challenge by four music companies to an enforcement notice of the Data Protection Commissioner of 5 December 2012, which required Eircom to stop implementing the three strikes protocol by means of which users receive three warnings for illegal downloading before terminating their Internet access service.

The Supreme Court unanimously dismissed the appeal made by the data commissioner against the High Court decision because the Irish DPA did not specify what provisions of the Data Protection Acts had been contravened by the protocol.

Three Strikes and You’re Still In – France Kills Piracy Disconnections (9.07.2013)
http://torrentfreak.com/three-strikes-and-youre-still-in-france-kills-...

French Criminal Code – Sub-section 4: Infringement fines (only in French)
http://www.legifrance.gouv.fr/affichCode.do?idSectionTA=LEGISCTA000006...

Hadopi: Filippetti cuts the cut but not the fine (only in French, 9.07.2013)
http://www.ecrans.fr/Hadopi-Filippetti-coupe-la-coupure,16683.html

Hadopi: Filippetti confirms the death act but supports the private copy (only in French, 9.07.2013)
http://www.zdnet.fr/actualites/hadopi-filippetti-confirme-l-acte-de-de...

Hadopi: cutting the Internet access is eliminated (only in French, 9.07.2013)
http://www.francetvinfo.fr/france/hadopi-la-coupure-d-acces-a-internet...

Supreme Court backs 'three strikes' deal to fight illegal downloading (3.07.2013)
http://www.independent.ie/irish-news/supreme-court-backs-three-strikes...

EDRi-gram: Hadopi wants to turn to privatised enforcement measures (13.03.2013)
http://www.edri.org/edrigram/number11.5/hadopi-wants-privatised-law-en...

EC notice & action directive to come out of the drawer?


On 3 July 2013, nine MEPs sent a letter to Michel Barnier, European Commissioner for Internal Market and Services, regarding a Notice-and-Action directive that was prepared but subsequently not published or proposed by the European Commission. As a result, the European Parliament was not, and will not be, able to give its position on the subject.

While welcoming the fact that Barnier’s services have undertaken careful investigations in the field, having in view the great concerns in the area (especially considering projects that “have undermined citizens’ trust in the Union” such as CleanIT), the letter however expresses concern for the fate of the proposal for a notice and action directive.

It seems that Commissioner Michel Barnier has chosen not to publish the proposal although it took 3 years of investigations to produce it and these investigations concluded that the circumstances under which requests for material takedown are made are extremely arbitrary and in need of clarification.

It appears that opposition to the proposal came from Cecilia Malmström, Commissioner for Home Affairs. She (as the Commissioner responsible for funding the CleanIT project) objected to clearer procedures for dealing with allegedly illegal material.

“As elected members and representatives of the European public, this is of high concern to us. The political process will not gain legitimacy if publicly elected representatives are not allowed to scrutinize and debate proposals of concern in a transparent and democratic manner,” says the MEPs' letter.

The MEPs therefore ask Barnier’s directorate “to propose the draft text as a directive for the Member States. It is not acceptable that the Parliament is kept out of these important discussions. If the indications that the directive might collapse into a mere recommendation come true and in this way the Parliament gets no say – we fear that both the citizens’ trust in European institutions as well as our trust in the European Commission may suffer.

We trust that you agree that a transparent and inclusive mechanism for political decision making is the preferred route for Europe, and we’re looking forward to our further interactions.”

MEPs Letter to Michel Barnier European Commissioner for Internal Market and Services (3.07.2013)
http://ameliaandersdotter.eu/sites/default/files/letter_commissioner_b...

Commission staff working document “Report on the implementation of the e-commerce action plan” (23.04.2013)
http://ec.europa.eu/internal_market/e-commerce/communications/2012/ind...

EC Notice-and-action Procedures
http://ec.europa.eu/internal_market/e-commerce/notice-and-action/index...

Letter to Michel Barnier on the Notice-and-Action in Europe (only in Swedish, 6.07.2013)
http://ameliaandersdotter.eu/2013/07/06/brev-till-michel-barnier-om-no...

Closed environments locking down consumers’ rights

This article is also available in:
Deutsch: Geschlossene Systeme sabotieren Rechte der Verbraucher


Can you resell your used apps for your iOS or Android device? How about your video games that you purchased from Valve’s Steam Store?

The answer is yes and no. Legally, you are allowed to resell your used apps and Steam games if they were marketed in the EU. However, from a practical perspective, the owners of closed platforms such as Apple’s App Store and Valve’s Steam Store don’t allow users to transfer their unwanted software licenses to other users, effectively making it impossible for a user to resell their used apps and games.

According to the European Court of Justice (ECJ)'s decision in the UsedSoft v Oracle case of last summer, if you pay a fee for software and are granted a license to that software for an unlimited period of time, then the copyright holder has exhausted their exclusive distribution right. Even if the license agreement prohibits a further transfer, the rightholder can no longer oppose the resale of that copy. This applies both to software distributed on a physical medium (CD-ROM or DVD) and to downloaded software. Thus, consumers in the EU are legally allowed to resell most of their apps and games.

However, closed environments like Valve’s Steam Store are preventing consumers from reselling their used software in two ways. The first is through restrictive user agreements. For example, the Steam Store’s license agreement states that “The Software is licensed, not sold. Your license confers no title or ownership in the Software.” However, since consumers pay a fee for a license that lasts an unlimited period of time, games bought via the Steam Store clearly fall under the UsedSoft v Oracle ruling and Valve cannot oppose their resale.

The other way closed environments like Steam prevent consumers from reselling their unwanted software is by failing to provide a mechanism that allows a Steam user to transfer a license of their software to another Steam user’s account. The omission of this simple mechanism makes it impossible for Steam users to resell their unwanted software, since the consumer has no way to complete a sale, which would require a license transfer of the software being sold to the buyer’s account.

Since consumers cannot resell their unwanted software purchased from closed environments, second-hand markets for used apps and Steam games are prevented from forming, even though distributors like Valve have exhausted their distribution rights and cannot oppose resale of their software.

With software increasingly being distributed via downloads, closed environments are gaining popularity. Apple, Microsoft, Google and Valve all distribute software for their platforms via their own closed environments. Owners of these closed environments take a percentage of the sales of any software distributed via their online store, and the software developers who make the applications sold there no longer lose sales to consumers buying cheaper used copies of their software instead of new copies.

Consumers, however, have their right to resell their digital property restricted and also lose access to secondary markets where they would be able to obtain the same product at lower prices. As software is increasingly distributed via closed environments, we must protect consumers’ right to own and resell their software.

ECJ case - UsedSoft v Oracle ruling (3.07.2012)
http://curia.europa.eu/juris/document/document.jsf?docid=124564&do...

(Contribution by Michael McNeff - HalfPriceDigital.com)

ENDitorial: Leaked telecoms Regulation with or without net neutrality?

This article is also available in:
Deutsch: ENDitorial: Geplante Telekom-Regulierung mit oder ohne Netzneutralitä...


Last week, an internal draft of a regulation for a “telecoms single market” was leaked in Brussels. We published an initial reaction to this document. But what are the details of the text and what do they mean? The draft is a strange mix of re-packaged measures that are already in place and an odd list of disparate issues ranging from spectrum management to roaming charges.

One important point of the draft regulation, as previously announced by Neelie Kroes, Vice-President and Commissioner for the Digital Agenda, is a half-hearted legal “guarantee” of network neutrality – which seeks to “guarantee net neutrality” and at the same time to allow the kinds of “new premium services” that would undermine net neutrality.

The positive points first:

- Harmonisation: The Commission chose to propose a Regulation as a legislative instrument which means that it would allow for greater harmonisation of the digital single market.

- No discrimination: It would guarantee net neutrality (while killing it by promoting discriminatory services). Article 20.2 aims at a prohibition of anti-competitive discrimination: “Providers should not block or throttle specific services or service classes within contractually agreed limits on data volumes and speeds”.

- Transparency: The Commission's spokesperson also explained that “our net neutrality plans include much stronger rights for consumers to transparent information and switching”. Of course, if the Commission believed that it was really guaranteeing net neutrality, consumers would not need transparent information about non-neutral behaviour and their possibilities to sign up to another access provider. Article 21 would now introduce new provisions on transparency. However, as we have highlighted previously, transparency and switching are insufficient to guarantee an open, free and neutral internet.

- Sanctions: National Regulatory Authorities (NRAs) have an essential role in securing the users' capability to exercise their freedom of communication and freedom of expression. According to recital 68, NRAs should be able to impose financial or administrative sanctions for violations of net neutrality provisions of the Regulation. Unfortunately, these sanctions are not detailed in the leaked draft and merely make reference to the already existing provisions of Article 21a of the Framework Directive (2002/21/EC). We know from the weak implementation of existing legislation in some EU Member States that strong sanctions are necessary to act as a deterrent against discriminatory practices.

Negative points:

- Discrimination: If adopted, the leaked Regulation would kill net neutrality (while ostensibly “guaranteeing” it, as described above). Article 20.1, sub-paragraph 2, foresees that “providers of content, applications and services and providers of electronic communications to the public shall be free to agree with each other on the treatment of the related data volumes or on the transmission of traffic with a defined quality of service”. The Commission would therefore allow operators to enter into agreements with content and service providers in order to deliver certain services faster than others – it would allow a non-neutral Internet, in other words.

The Commissioner's spokesperson explained on Twitter that “telcos want a free hand”. If adopted, this Regulation would not only be disastrous for innovation and competition in Europe, but would also cement the economic advantage of big players who have the financial capacity to strike exclusive deals with operators – the “death sentence” for innovation described by Commissioner Kroes.

- Data caps: The leak states that “volume-based tariffs are compatible with an open internet”. While this is true, up to a point, it appears that the draft would allow discriminatory behaviour, similar to what Deutsche Telekom proposed in Germany. A volume-restricted tariff which has no restrictions on the volume of traffic from certain sites and services can be effectively used to transparently and openly stifle competition.

- Premium services: The draft text also explains that some users should be able to keep on using high bandwidth services, such as video conferencing, internet telephony and so on – with an “enhanced quality”. This might be what Commissioner Kroes meant by “enjoy something extra” in her speech on 9 July. This approach, however, is not based on evidence but rather on the assumption that current temporary and exceptional traffic management measures are insufficient to deal with congestion. The Commission draft attempts to explain that the possibility and flexibility to provide enhanced quality of service especially applies to new services such as machine-to-machine communications (recital 44, p. 12). However, the way in which the current text is drafted would permit discrimination on the public internet.

- Bundles: In recital 41, the growing importance of bundles (offers that include internet, fixed/mobile telephone and television as a single package) is highlighted, but the Commission unfortunately fails to acknowledge the particular difficulties for consumers subscribed to bundled offers to change providers.

- National laws: Where does this leave the Netherlands and Slovenia? According to the leaked internal draft, Article 20.1, sub-paragraph 3, it is likely that the Dutch provisions and the Slovenian law will have to be amended, since they restrict the “freedom” of the providers to enter into discriminatory agreements: "The exercise of these freedoms shall not be restricted by national competent authorities, or, as regards the freedom laid down for end-users, by providers of electronic communications to the public, save in accordance with the provisions of this Regulation, the Directives and other provisions of Union law."

- Timetable: The draft Regulation will probably be published in September/October; it then has to be approved by the Council and go through the legislative process in the European Parliament. Due to the upcoming elections, there is a chance that this Regulation might not be adopted before the new Parliament is in place.

Leaked consolidated version of the draft Regulation laying down measures to complete the European single market for electronic communications and to achieve a Connected Continent
http://edri.org/files/consolidateddraft-ISC070713.pdf

Leaked Regulation: Schrödinger's net neutrality on its way in Europe (11.07.2013)
http://www.edri.org/schroedinger-NN

Tweets by Ryan Heath, spokesperson of the Commissioner for the Digital Agenda, on the leaked internal draft
https://twitter.com/RyanHeathEU/status/355723803755675650
https://twitter.com/RyanHeathEU/status/356904743592931328
https://twitter.com/RyanHeathEU/status/356913626004721666
https://twitter.com/RyanHeathEU/status/356903483242323968

Joint letter EDRi-BEUC to Commissioner Kroes: Over 80 European organisations demand protection for Net neutrality (17.04.2013)
http://www.edri.org/node/3281

European Parliament resolution on Completing the digital single market (11.12.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&...

(Contribution by Kirsten Fiedler - EDRi)

Recommended Reading

This article is also available in:
Deutsch: Lesestoff


Estonia: E-voting source code made public (12.07.2013)
http://news.err.ee/politics/0233b688-b116-44c3-98ca-89a4057acad8

Open Letter on transparency to President of the European Parliament (16.07.2013)
https://fsfe.org/news/2013/news-20130716-01.en.html

Agenda

This article is also available in:
Deutsch: Agenda


31 July – 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/

7 September 2013, Berlin, Germany
Demonstration "Freiheit statt Angst" / rally against surveillance
http://blog.freiheitstattangst.de/

14-15 September 2013, Vienna, Austria
Daten, Netz & Politik 2013 - DNP13
https://dnp13.unwatched.org/

16-18 September 2013, Geneva, Switzerland
2013 Open Knowledge Conference (OKCon)
http://okcon.org/call-for-proposals/

18-20 September 2013, Berlin, Germany
8th International Conference of Information Commissioners (ICIC 2013)
http://www.info-commissioners.org/index.php/blank-menu/281-8th-interna...

23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/

24-25 September 2013, Brussels, Belgium
EU hackathon - hack4yourrights
This year’s theme is privacy
http://2013.euhackathon.eu/

27-30 September 2013, Brussels, Belgium
Freedom not Fear 2013
http://www.freedomnotfear.org/
http://www.freedom-not-fear.eu

22-25 October 2013, Bali, Indonesia
Internet Governance Forum 2013
http://igf2013.or.id/

25-27 October 2013, Siegen, Germany
Cyberpeace - FIfF Annual Meeting 2013
http://www.fiff.de/

22-24 January 2014, Brussels, Belgium
CPDP 2014: Reforming data protection: The Global Perspective
http://www.cpdpconferences.org/

24-25 April 2014, Barcelona, Spain
SSN 2014: Surveillance Ambiguities & Asymmetries
http://www.surveillance-studies.net/documents/cfp_SSN2014_Barcelona_fi...