Monday, December 1, 2014

What "Ubergate" Means for Privacy Pros

Okay, so I know I’m not the only one writing about what the Twitter world collectively calls "Ubergate," but I think it’s important to delve into this issue a bit here and flesh out why this demonstrates the organizational need for privacy professionals and privacy ethics.

Much of this current firestorm centers on the alleged unethical use of sensitive personal data collected every day by the popular rideshare start-up. To quickly sum up this latest privacy kerfuffle: A journalist, himself using questionable ethics, quoted Uber's senior vice president's off-the-record discussion about using data collected from its services to go after its enemies.

But this isn't the only time the media has focused on what many sources have been calling a culture problem at Uber, particularly its questionable use of customer data. For example, according to venture capitalist Peter Sims, Uber used a “God View” for stalking purposes, while others have raised concerns about how the company has mined its data as seen in its “Rides of Glory” and “crime location knowledge demand” blog posts.

read full article at IAPP

UK plans to introduce new Web snooping law

A U.K. counterterrorism bill would require ISPs to retain IP addresses in order to identify individual users of Internet services.

The proposed law is meant to bridge a “capabilities gap” that authorities face when trying to obtain communications data, said U.K. Home Secretary Theresa May, who introduced the bill, in a speech on Monday.

The measures will build on emergency legislation that the U.K. introduced during the summer, said May, who added that “it is not a knee-jerk response to a sudden perceived threat.”

read full article at PC World 

New NSA Privacy Chief Promises Transparency

In a Q&A online, Rebecca Richards promised a new era in transparency at the United States’ eavesdropping agency. 

The National Security Agency’s newly appointed Civil Liberties & Privacy Officer Rebecca Richards said Monday in an online Q&A she hopes to inject a sense of transparency into the secretive spy agency.

“Until somewhat recently, relatively little information about NSA was public. And the information that was made available rarely discussed the safeguards in place to protect civil liberties and privacy,” Richards said. “One of my goals is to share what NSA does to protect civil liberties and privacy. This will take time, but we must start somewhere.”

read full article at Time

Slack alters privacy policy to let bosses read your messages

Slack, the fast-growing workplace communication tool, announced today that it will begin selling a new tier of service in January aimed at large enterprises. Slack Plus, as the tier is called, will offer a handful of new tools aimed at system administrators. But there’s one feature every Slack user needs to know about: companies that subscribe to the Plus plan will be able to request every message that employees have sent on the service from that point forward, including direct messages to coworkers and a history of any changes you made to your messages.

Slack has revised its privacy policy to accommodate the new feature, which it says was requested by businesses that are legally obligated to retain employee communications. (The revisions are worth reading for anyone who manages a Slack team; among other things, it now requires you to waive your right to a jury trial in favor of binding arbitration if you ever have reason to sue the company.) 

Every enterprise software startup eventually courts big companies, which generally have the most money to spend. But few have done it as quickly as Slack, which launched in February and now has 300,000 daily users on 40,000 teams. Its earliest users were small teams, but Slack is now used at Amazon, Walmart, AOL, and ESPN, among other places. (Also: The Verge.) 

read full article at The Verge

MPs say they need 'serious discussion' with social networks over users' data

Social networks should simplify their terms and conditions, to ensure that their users fully understand how their personal data will be collected and used, MPs have concluded.

A report by the Commons science and technology committee calls for the British government to work with the Information Commissioner’s Office (ICO) on new guidelines for how social media companies should explain their data collection policies to users.

The MPs criticised the “opaque, literary style” of many social networks’ terms and conditions documents, suggesting that they “are drafted for use in American court rooms” rather than for non-lawyers to understand, and thus give their informed consent to however that company plans to use their personal data.

read full article at Guardian

E.U. Parliament Passes Measure to Break Up Google in Symbolic Vote

Europe’s resentment of the American technology giant Google reached a new noise level on Thursday as the European Parliament passed a nonbinding vote to break up the company.

Although merely symbolic — the resolution carries no legal weight — the move came the day after a separate European body sought to further expand citizens’ “right to be forgotten” privacy protections against Google.

Both moves are also playing out against the backdrop of a long-running investigation by the European authorities of Google, on which the European Union’s new antitrust chief, Margrethe Vestager, is still getting up to speed.

read full article at NY Times

Cyber Security Needs Its Ralph Nader

It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?

By every metric, driving an automobile is far safer today than it was in 1965, due to a combination of factors including government regulations and legislation, consumer awareness, and technology advances. The catalyst for all of this was one man: Ralph Nader.

Prior to 1965, car manufacturers had no real motivation to make safe cars because the cost of doing so did not justify the business benefits. But then Ralph Nader published Unsafe at Any Speed, a critique of the safety record of American automobile manufacturers. His advocacy injected the traffic fatality epidemic into the headlines, and a nation changed.

read full article at Information Week

How Can DPOs Leverage a New Role Under the Proposed Regulation?

Under the proposed General Data Protection Regulation, the function and tasks of the data protection officers (DPOs) are much more comprehensive and structured. At the IAPP’s Data Protection Congress in Brussels last week, four DPOs discussed how they expect their roles and responsibilities to change under the regulation and how they propose to leverage the opportunity.

Philippe Renaudière is DPO for the European Commission. He said while the number of complaints he receives yearly is limited, there’s always at least one that’s extremely serious and important, in which case the function of the DPO is to cooperate with the European Data Protection Supervisor (EDPS). But in general, from day to day, the role is much more pragmatic.

“That’s the first step: Raise awareness and create a culture of data protection. Train people,” said Renaudière. “I like that I’m a facilitator, because that’s my basic approach, my first approach to a problem. Normally, the commission is a decent institution with decent people who do decent things … It’s more a matter of explaining, defining the correct way.”

read full article at IAPP

A Blockbuster Wireless Auction

The eye-popping bids in the current auction of wireless frequencies by the Federal Communications Commission are a testament to soaring demand for mobile Internet service. 

As of last week, bids in the auction exceeded $38 billion, far more than the $10.5 billion reserve price set by the F.C.C. These frequencies, also known as spectrum, are needed to expand cellular networks so they can carry more phone calls and data.

The superheated bidding provides fresh evidence that the telecommunications industry is thriving despite protests by executives at companies like Verizon and AT&T that they are being stymied by regulation. Phone companies are upset that President Obama recently called for strong rules that would prohibit telecom companies, including wireless businesses, from creating fast and slow lanes on the Internet. His proposal needs to be approved by the F.C.C., an independent agency that is not obliged to do what Mr. Obama wants but that in this case should follow his direction.

read full article at NY Times

European Commission Finds Existing Technology Neutral Regulations Adequate For Drone Privacy

The European Commission published a comprehensive report evaluating the privacy impact of drones (referred to in the report as RPAS or remotely piloted aircraft systems), finding that Europe’s existing regulatory framework is adequate to address the emergent technology. 

The 378 page report found that the current European and Member State regulatory framework was “adequate to address the privacy, data protection and ethical impacts” of drones because those rules are technology neutral.  The report noted that rights to privacy and data protection frameworks in Europe included provisions for addressing various risks.  While the regulatory structure in Europe is adequate, the report noted that the biggest problems associated with drones may be educating the industry about their obligations, and enforcing the regulatory mechanisms that are already in place.  

The report’s authors also believed that drones should “include privacy-by-design features in all data collection and processing activities” (a reform I encourage U.S. legislators to consider in this white paper).

read full article at Forbes

The Extraterritorial Scope of the “Right to Be Forgotten” and how this Affects Obligations of Search Engine Operators Located Outside the EU

The information transferred through these networks is vast, mostly unfiltered and flows in an intangible area defined as “cyberspace”. The Courts’ recent judgment in the Google case aims at setting the boundaries to what search engine operators can and cannot do in the EU when their activities have implications to data protection rules, by determining (i) the territorial scope of such rules, (ii) the characterization of the activity of an internet search engine operator and (iii) the relevance of the “right to be forgotten” in this context. In a nutshell, the Court found that when it comes to non-EU based search engine operators, the mere existence of an affiliated company in the EU that sells ads associated with the search engine giant creates a presence in this territory and a data processor within the scope of the relevant EU Directive 

 full article at ENLR 3/2014 


Mergers: Commission approves aerospace and defence joint venture between Airbus and Safran, subject to conditions

The European Commission has concluded that the proposed creation of a joint venture for space launchers, satellite subsystems and missile propulsion between Airbus Group N.V. of The Netherlands and Safran S.A. of France is in line with the EU Merger Regulation. Both Airbus and Safran are active in the aerospace and defence industries. The decision is conditional upon the exclusion of Safran's activities in electric satellite thrusters from the joint venture, as well as on certain supply assurance commitments. 

The Commission had concerns that the joint venture could have shut out Airbus' competitors or limited their access to certain supplies, as well as transmitted strategic information to Airbus. The commitments offered by Airbus and Safran address these concerns.  

On 8 October 2014, Airbus and Safran notified plans to create a joint venture to which they would contribute their respective activities in space launchers, satellite subsystems and missile propulsion. In addition, Airbus and Safran intend to acquire, at a later stage, control over the satellite launch operator Arianespace. However, this would be a separate transaction and today's decision neither takes it into account nor prejudges the possible assessment of such a transaction in the future.

read full article at European Commission

State aid: Commission approves German renewable energy law (EEG 2014) for railway sector

The European Commission has found that a German scheme promoting electricity production from renewable energy sources and benefitting railway companies is in line with EU state aid rules. The Commission concluded that the aid is limited to compensating railway companies for the opportunity costs that arise from using rail transport rather than a more polluting mode of transport, and therefore furthers common transport objectives without unduly distorting competition in the Single Market.

The German Renewable Energy Act (Erneuerbare-Energien-Gesetz – EEG) 2014 provides support for electricity production from renewable energy sources and from mine gas. This support is financed by contributions levied on electricity consumers (the "EEG-surcharge"). The EEG 2014 grants certain energy-intensive users, including railway companies, reductions from the EEG-surcharge. These reductions constitute state aid because they give their beneficiaries an economic advantage over other companies who have to pay the full surcharge. 

The Commission verifies whether such aid is in line with EU state aid rules that allow granting aid to further certain objectives of common interest. The Commission assessed the EEG 2014 on the basis of the new Environmental and Energy Aid Guidelines, and approved it in July 2014. The EEG 2014 entered into force on 1 August 2014. However, specific state aid rules are in force for the railway sector. Therefore, the EEG-surcharge reductions for those companies had to be assessed separately under the provisions of the 2008 Railway Guidelines.

read full article at European Commission

Antitrust: Commission welcomes General Court judgment confirming its inspection powers in the area of electronic searches

The European Commission welcomes the judgment of the EU General Court (case T-272/12), dismissing an appeal by Energetický a průmyslový holding (EPH) and its subsidiary EP Investment Advisors (EPIA) against a €2.5 million fine the Commission imposed on them in 2012. EPH and EPIA were fined for obstructing a Commission inspection in an antitrust investigation, by failing to block an email account and diverting incoming emails. The judgment sends a clear message to companies that any steps that undermine the integrity and effectiveness of inspections, including tampering with data stored electronically, are illegal and will be sanctioned.

The Court confirmed that the Commission was right to consider both the failure to block an e-mail account and the diversion of incoming emails as serious breaches of EPH and EPIA's obligation to cooperate with the Commission during the inspection. In line with previous case law (cases T-141/08 and C-89/11P), the Court held that these two incidents constitute an obstruction in themselves; the Commission does not need to show that any document was actually removed or manipulated.

The Commission welcomes the Court's findings, because obstructions of inspections can severely undermine competition enforcement. The judgment makes clear that the Commission is entitled to impose appropriate and deterrent sanctions for companies' conduct that may result in destroying evidence of antitrust infringements, irrespective of whether it is stored in paper or electronic form.

read full article at European Commission

The General Court confirms the decisions ordering an inspection taken by the Commission against Orange in connection with a possible abuse of a dominant position

Orange (known as France Télécom until 1 July 2013) is a French public limited company which provides Internet access to companies and individuals. In 2011, a competitor known as Cogent lodged a complaint with the French Competition Authority, believing that Orange had abused its dominant position by a number of practices in the sector for reciprocal interconnection services in the area of Internet connectivity. In 2012, the Competition Authority found that the practices alleged against Orange were not substantiated or did not constitute an abuse of a dominant position.

In parallel, the Commission had opened a procedure against Orange into highly similar practices. After the Competition Authority’s decision, the Commission, by decisions of 25 and 27 June 2013, ordered Orange to undergo an inspection (‘the inspection decisions’). The inspection took place between 9 and 13 July 2013 on four of Orange’s premises. Taking the view that the Commission did not have the right to order that inspection on its premises in the circumstances of the case, Orange brought an action before the Court seeking the annulment of those decisions.

By today’s judgment, the Court dismisses Orange’s action and confirms the Commission’s inspection decisions. 

read full article at General Court

U.N. Urges Protection of Privacy in Digital Era (privacy is a human right)

The United Nations adopted a resolution on Tuesday urging all countries to protect the right to privacy in digital communications and to offer their citizens a way to seek “remedy” if their privacy is violated.

Though not legally binding, the resolution signaled growing international attention to the issue of digital privacy, which it described as a human right.

The measure passed by consensus in the General Assembly’s human rights committee, which meant that it was not put up for a vote. But it was a result of intense closed-door negotiations, and it set the stage for a showdown in Geneva next spring, when the issue is expected to go to the Human Rights Council. Privacy advocates are pushing for the United Nations to establish a special envoy.

read full article at NY Times

Wednesday, November 19, 2014

Competition, not consolidation, is the way forward

Rewheel, the ‘pro-competitive’ Finnish analyst house, has completed its mobile internet access competitiveness report, Q4 2014 and released some of the key numbers. I like Rewheel for their dogged insistence on loudly calling out numbers which much of the rest of the European telecoms industry doesn’t like to hear. In particular, the industry doesn’t like to hear evidence which runs against the seemingly unshakable conventional wisdom that European telecoms and IT salvation lies in building ‘too big to fail’ pan European telcos along the lines of AT&T and Verizon.  

The idea is that we should sacrifice price competition to consolidation and scale and so effect some ‘market repair’. The financial community, which has watched as the European telecoms industry floundered about in the financial crisis and subsequent recession, loves this idea.

read full article at TelecomTV

One-third of German internet users would pay for data protection, survey finds

German internet users strongly oppose the sale and misuse of their personal data, according to a recent study, and are willing to pay €900 million for data protection. EurActiv Germany reports.

Online consumption is spreading like wildfire but users are often reluctant to pay for products, such as news or computer games. These were among the findings of a recent survey of German internet users, conducted by the German Institute for Trust and Security on the Internet (DIVSI) and the polling institute dimap.

read full article at EurActiv

Friday, November 7, 2014

No One Is Willing to Compromise on Internet Rules

If the best compromises make everyone unhappy, Federal Communications Commission Chairman Tom Wheeler and his proposals for regulating the Internet have a lot going for them.

Everyone seems to hate the FCC’s latest trial balloon, floated by unnamed sources in the Wall Street Journal. The compromise proposal calls for splitting broadband into two different services: a largely invisible one connecting networks to one another, and the public one in which people pay to connect their homes to the Internet. The FCC could then regulate the back-end service under a stringent legal authority known as Title II without applying the same legal standard to the consumer-facing Internet. From a political perspective, Wheeler’s hope is to appease advocates who want the FCC to take broader authority over the entire Internet while avoiding an additional round of lawsuits from Internet providers.

The idea of splitting broadband into two services for legal purposes stems from proposals by Mozilla and from an academic named Tim Wu, both supporters of strong restrictions on Internet providers’ rights to treat various kinds of traffic differently. But the concept has been losing support, probably because backers now think they can get a better deal.

read full article at Bloomberg Business Week 

Samsung gives us a taste of 5G (with 7.5Gbps speeds)

Korean giant Samsung is often at the forefront of new technologies, and with 5G, it looks to be well-ahead of its time. The standard isn't expected for a few years yet, but a number of companies have started to work on and help shape what it should look like according to their visions.

Samsung has been testing its own version of what an eventual 5G network could become, and some of the incredible speeds which have been achieved leave the rest of us hoping it makes it to our devices sooner-rather-than-later.

What the company has come up with is capable of 7.5Gbps stationary, and just below 1GB/s (or 7.5 whilst moving. The test was performed not just in a controlled lab environment, but also on the road with just-as-impressive results. In a car moving at over 100km/h (60mph), the connection was still able to download files at over 150MB/second.

read full article at Telecoms Tech

Confusion and contradiction: The state of mobile network testing in the UK

In April this year a report in an industry publication suggested Ofcom was planning to purchase ‘over-the-counter’ handsets and use them to execute its own UK-wide walk and drive mobile data testing programme. According to the correspondent contacted by Ofcom, the planned testing would look at “whether UK networks have achieved consistency” - but not go so far as to test for “quality of service”.

In other words, the tests would ascertain where in the British Isles you can get a signal from EE, Vodafone, O2 and 3 but nothing else revealing in relation to the actual network performance (e.g. are you able to look up a web page, send an email or a tweet, upload a photo of your fish and chip dinner to Instagram, etc).

Would the results of such a test benefit UK consumers? Some would say that all testing on behalf of consumers is a good thing – but I am not so sure. Mobile network testing is notoriously difficult to get right, and its outcomes are fiendishly difficult to interpret; if either the testing or the interpreting goes wrong, the whole business can be more than a little misleading.

read full article at Telecoms Tech

Ofcom to auction off military airwaves

Military airwaves could soon be used to meet growing demand for mobile broadband under plans being proposed by Ofcom.

The communications watchdog is asking potential bidders for comments on a plan to sell off radio spectrum in the 2.3 GHz and 3.4 GHz bands, in an auction that could raise £50m to £70m.

The sale, expected to take place late next year or in early 2016, is part of a Government drive to free up Britain’s airwaves for civil use and comes as the military transfers to other communications.

read full article at The Telegraph

For German Healthcare Apps, U.S. Data Rules Are Hard to Swallow (oddly enough...)

Germany has become known for its strict data-protection measures, but for some of the country’s healthcare-app developers, the U.S. has put up even bigger hurdles. The reason: America’s strict patient-data rules.

“Honestly, the U.S. had way more regulations than Germany,” said Simon Bolz, whose company, goderma, makes an app called Klara that allows smartphone users to take photos of a skin problem and send it to a dermatologist.

He said getting the company’s IT systems compliant with the Health Insurance Portability and Accountability Act (HIPAA), a 1996 law that regulates patient data in the U.S., required more effort than for satisfying German authorities.

read full article at WSJ

UK: German Airlines Must Hand Over Passenger Data or “Don’t Land”

German airlines face being banned from landing in the UK unless they hand over their passenger lists in advance for security screening, The Guardian reports. “Urgent talks are now underway between London and Berlin to pressure the German government to drop their data protection laws that prevent advanced passenger lists being provided on privacy grounds,” the report states. 

Counterterrorism legislation is expected later in the month, and UK Prime Minister David Cameron has said he plans to put existing “no-fly lists” on a statutory basis, claiming that those who don’t comply “will not be able to land in Britain.” Separately, BBC News reports on "modern cars morphing into mobile data centres" and whether they're turning into "spies in our drives."

read full article at IAPP and The Guardian

Appeals Court Is Urged to Strike Down Program for Collecting Phone Records

A conservative legal activist urged a federal appeals court Tuesday to strike down the National Security Agency’s program that collects Americans’ phone records in bulk, calling it “perhaps the biggest violation of freedom and constitutional rights in history” and warning the judges that if they did not step in, Americans would take to the streets in revolt.

But a Justice Department lawyer insisted that the once-secret program was designed only to identify “known and unknown contacts of individuals associated with international terrorism,” and said that the activist had no proof that his records had been collected, let alone scrutinized.

“There is no protected constitutional interest that has been invaded by the mere collection of business records,” the Justice Department lawyer, Thomas Byron, added.

read full article at NYT

Facebook reports 24% rise in government requests for personal data

Government requests for Facebook’s user information rose by about a quarter in the first half of 2014 over the second half of last year, the social media company has revealed.

read full article at The Guardian 

Law enforcement lost public's trust after NSA leaks, says UK police chief

Law enforcement agencies lost the public’s trust after disclosures on government surveillance by the whistleblower Edward Snowden and must ensure that they strike the right balance between privacy and security, the UK’s most senior police officer said on Thursday.

Sir Bernard Hogan-Howe, commissioner of the Metropolitan police in London, told a conference of senior American police chiefs that authorities must take care “post-Snowden” to use the most intrusive surveillance tools available to them “only where necessary”, or “risk losing them altogether”.

“We need to ensure that where law enforcement accesses private communications there is a process of authorisation, oversight and governance that gets the balance right between the individual’s right to privacy and their right to be protected from serious crime,” said Hogan-Howe, whose force takes the lead on police counter-terrorism efforts in the UK.

read full article at The Guardian

Monday, November 3, 2014

U.S. regulators to vote on treating Internet TV like cable

The U.S. Federal Communications Commission in coming weeks will vote on whether Internet TV should have the same access to television programming as cable and satellite TV providers, which could shake up competition in the video industry.

FCC Chairman Tom Wheeler on Tuesday said he has asked his fellow commissioners to vote on a proposal that would help Internet TV services, such as ones being developed by Dish Network Corp, Sony Corp and Verizon Communications Inc, to compete with traditional pay-TV for digital rights to major network programming.

The potential regulatory change concerns online subscription video services that offer scheduled programming similar to traditional pay-TV providers, and not online video services such as Netflix Inc that stream content on demand.

Satellite provider DirecTV is another company that has indicated plans for an Internet video service and CBS Corp this month revealed a plan for an Internet streaming service that would include scheduled programming.

read full article at Reuters

Thursday, October 30, 2014

Is your IP address really yours? EU court to decide the question

Europe’s top court is set to answer a question that seems to be as old as the Internet: Are IP addresses personal data?

Germany’s Federal Court of Justice was scheduled to rule on this Tuesday, but instead decided to refer the matter to the European Court of Justice of the European Union (CJEU).

The answer to the question is crucial for ongoing discussions about the EU data protection reform as well as for the many websites that track and store users’ IP addresses, the Federation of German Consumer Organizations (VZBV) said.

Moreover, if the CJEU rules that IP addresses are personal data, this could have huge consequences for the ease of use of the Internet in Europe. Under German law, personal data may only be stored with a user’s consent or for the purposes of billing and such. If IP addresses are considered personal data though, one of the possible consequences could be that Internet users would have to give their consent to store their address every time they visit a website, or alternatively, that websites would have to start storing them on a different legal basis, the VZBV said.

read full article at PC World

Commission slams Hungary’s ‘Internet tax’ (elementary dear PM...)

The outgoing European Commission has delivered an unusually tough statement over a planned new tax on Internet data transfers, which has unleashed boisterous protests in Hungary.

Ryan Heath, spokesperson to Commission Vice President for Digital Agenda Neelie Kroes said the Hungary internet tax is a “terrible idea”.

Prime Minister Viktor Orbán's government, which has been widely accused of adopting anti-democratic policies, first unveiled plans for the new tax late last week in the draft 2015 tax bill submitted to parliament.

read full article at EurActiv

Europe under massive virtual cyber attack

More than 200 organisations from 25 EU member states are under virtual cyber-attack today (30 October), as part of the continent’s largest and most complex ever cyber security exercise.

Organised by the European Network and Information Security Agency (ENISA), Cyber Europe 2014 is targeting security agencies, ministries, telecoms and energy companies, financial institutions and internet service providers.

All EU member states except Belgium, Lithuania and Malta are testing their procedures and capabilities against realistic large-scale cyber-security scenarios. The reasons those countries have declined to participate are not known, but are “uncontroversial,” according to ENISA sources.

More than 2000 separate cyber-incidents will be carried out, including denial of service attacks to online services, intelligence and media reports on cyber-attack operations, ambushes designed to change websites' appearances, and attacks on critical infrastructure such as energy or telecoms networks.

read full article at EurActiv

Oettinger floats proposal for EU-wide 'Google-tax'

Günther Oettinger, the EU's incoming Digital Commissioner, has announced plans to reform existing copyright laws within one year, indicating the likely addition of an EU "Google-tax", similar to that applicable in Germany. 

An EU-wide "Google-tax" would require internet search engine providers to pay a fee for displaying copyrighted materials on their sites.

“If Google takes intellectual property from the EU and makes use of it, the EU can protect this property and demand that Google pay for it,” Oettinger told the Handelsblatt newspaper.

read full article at EurActiv

James Comey, F.B.I. Director, Hints at Action as Cellphone Data Is Locked

The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.

But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.

Apple and Google have announced new software that would automatically encrypt the contents of cellphones, using codes that even the companies could not crack. Their announcement followed a year of disclosures from Edward J. Snowden, the former government contractor who revealed many government programs that collect electronic data, including information on Americans.

read full article at NY Times

Cloud Service Level Agreement Standardisation Guidelines

"... These guidelines will form the basis of a submission by the C-SIG SLA subgroup to the ISO/IEC JTC1 Working Group on Cloud Computing, which is currently working on an international standard for cloud SLAs, to ensure maximum impact for the European position to be taken into account at the international level..."

read full article at Digital Agenda EU

Thursday, October 23, 2014

Public Outrage Mounts Against Hungary’s Plan to Tax Internet Use (no wonder...)

Public outrage was mounting Wednesday in Hungary against the government’s plan to levy a hefty tax on Internet use from the start of next year, with critics saying it would be detrimental to the country’s economic development, limit access to information and hinder the freedom of expression.

By Wednesday afternoon, 15,000 Facebook users have signed up to attend a street demonstration planned for Sunday in Budapest to protest against the new tax.

A trade union of teachers, PSZ, which claims to be the biggest in Hungary with 40,000 members, issued a statement saying “this measure seriously undermines the operation of public education, limits the freedom of information, of education and the right to learn.”

read full article at WSJ

Wednesday, October 15, 2014

Mass internet surveillance threatens international law, UN report claims

Mass surveillance of the internet by intelligence agencies is “corrosive of online privacy” and threatens to undermine international law, according to a report to the United Nations general assembly.

The critical study by Ben Emmerson QC, the UN’s special rapporteur on counter-terrorism, released on Wednesday is a response to revelations by the whistleblower Edward Snowden about the extent of monitoring carried out by GCHQ in the UK and the National Security Agency (NSA) in the US.

Emmerson’s study poses a direct challenge to the claims of both governments that their bulk surveillance programs, which the barrister finds endanger the privacy of “literally every internet user,” are proportionate to the terrorist threat and robustly constrained by law. To combat the danger, Emmerson endorses the ability of Internet users to mount legal challenges to bulk surveillance.

read full article at The Guardian

Microsoft’s Lynch Talks Privacy and Trust, Then and Now

Being the chief privacy officer for the world’s largest software company is no small task, especially in light of lingering PRISM accusations and the growing importance of data in an increasingly connected world. Eleanor Dallaway meets Microsoft's Brendon Lynch…

I sit down with Microsoft's chief privacy officer, Brendon Lynch, at a time when privacy and data exposure couldn’t be more topical.

With the revelations of NSA whistleblower Edward Snowden still rocking the industry, and bang in the middle of the RSA backdoor controversy, I could forgive Lynch for being a little cagey. After all, the media has been pretty unforgiving in accusing Microsoft of collaborating with law enforcement over access to customer data.

by Eleanor Dallaway  

read full article at InfoSecurity

EU Antitrust Unit Fines Deutsche Telekom

The European Commission’s antitrust unit is fining Deutsche Telekom AG and its subsidiary Slovak Telekom A.S. a total of €69.9 million ($88.4 million) for shutting out rivals from the Slovak market for broadband services for more than five years, in breach of EU antitrust rules, the commission said in a statement Wednesday.

The total consists of two fines: one of €38.8 million on Slovak Telekom A.S. and its parent company, Deutsche Telekom AG, for refusing to give access to the so-called local loop or “last mile”.

read full article at WSJ

Thursday, October 9, 2014

Telecoms: Commission to cut number of regulated markets in Europe

Today the European Commission – in agreement with Member States – decided that two telecom markets should no longer be subject to regulation in Europe, and that two more should be redefined to reflect market and technology developments. The rules take effect immediately.
The two liberated markets are:
    a) the retail market for access to fixed telephony; and
    b) the wholesale market for fixed call origination.
The Commission will also redefine two broadband markets, in order to limit regulatory burdens to what is strictly necessary for competitive broadband access and investment.
The Commission is increasing its focus on the distinct needs of business users, to make sure that competitive connectivity can unleash growth across the economy.
European Commission Vice President @NeelieKroesEU says: "I am delighted to announce this cut in telecoms red tape. It is the result of increased competition in telecoms markets and it takes us a step closer to a real Connected Continent".

read full article at EU

Wednesday, October 8, 2014

The right to be forgotten - Drawing the line

SOMETIMES a local spark can cause a global fire. In 1998 La Vanguardia, a Spanish daily, ran an announcement publicising the auction of a house to pay taxes owed by Mario Costeja González, a lawyer. The event would have been consigned to oblivion had the newspaper not digitised its archives a few years later. Instead, it came first in Google’s results for searches for Mr Costeja’s name, causing him all manner of professional problems.

When the online giant refused to remove links to the material, Mr Costeja turned to Spain’s data-protection authority. The case ended up in the European Court of Justice (ECJ), which ruled in May that Google must remove certain links on request. The ruling has established a digital “right to be forgotten”—and forced Google to tackle one of the thorniest problems of the internet age: setting the boundary between privacy and freedom of speech.

read full article at Economist

J.P. Morgan Says About 76 Million Households Affected By Cyber Breach

The largest U.S. bank by assets said the unknown attackers stole customers’ contact information—including names, email addresses, phone numbers and addresses. The breach, which was first disclosed in August and is still under investigation by the bank and law enforcement, extended to the bulk of the bank’s customer base, affecting an amount equivalent to two-thirds of American households. It also affected about seven million of J.P. Morgan’s small-business customers. It isn’t clear how many of those households are U.S.-based.

The bank said hackers were unable to gather detailed information on accounts, such as account numbers, passwords, Social Security numbers or dates of birth. Customer money is “safe,” the bank said in a statement to customers on Thursday.

read full article at WSJ

Europe Digital Nominee Demands Stronger U.S. Data Rules (or else...)

Europe may suspend data-sharing agreements with the United States if American policy makers do not improve how Europeans’ online information is protected, according to Andrus Ansip, the nominee to lead Europe’s digital agenda.

His statements could have major implications for American tech giants like Google and Facebook, which routinely compile data generated by their European customers through web searches and other online activities. Those companies’ data policies have come under greater scrutiny in Europe in the wake of the revelations about spying by the National Security Agency, using online data.

read full article at Bits

EU Justice Nominee Notes Data Protection, U.S.-EU Safe Harbor at Nomination Hearing

The European Union's incoming commissioner with responsibility for data protection Oct. 1 said she would press for rapid completion of the bloc's data protection overhaul and would “not make any concession” in discussions with the U.S. on protecting privacy in the transfer of EU citizens' data for law enforcement purposes.

At a confirmation hearing in front of three European Parliament committees, former Czech Regional Development Minister Vera Jourová added that possible release to the U.S. National Security Agency of data transferred by companies to the U.S. under the U.S.-EU Safe Harbor Program is “the most complex topic I have ever encountered.”

read full article at BNA

How will you store your photos and documents online in 5, 10, or even 20 years?

Today, cloud services are commonplace for sending emails, sharing photos or watching movies. People and businesses are entering the cloud more than ever before. We need to continue doing more research in this field beyond 2015 as well. This is why the European Commission seeks everyone's opinion, especially from researchers, scientists and developers, on priorities for this research.

Before the Web started in 1998, everyone stored their photos and documents in albums and folders at home. You could only watch films at the cinema or if you rented them from a shop to watch at home. Now it is easy to store them online anywhere in the world thanks to cloud computing and advanced software.

read full article at Digital Agenda for Europe 

OWASP Top 10 Privacy Risks Presented at Inaugural IPEN Workshop in Berlin

The first workshop of the Internet Privacy Engineering Network (IPEN), recently founded by the European Data Protection Supervisor (EDPS), could not have had a more symbolic location: Berlin State Parliament, right beside the remaining parts of the Berlin Wall that separated Western Germany from the German Democratic Republic until 1989. Surveillance of its citizens by the Stasi (state security) was widespread in Eastern Germany, and, 25 years later, we are back in a situation where mass surveillance is supported by the globalized Internet and has been heavily enforced by Western governments to fight terrorism. Further, insecure protocols and the lack of technical measures to protect data in current Internet technology make it easy to circumvent privacy. For these reasons and more, IPEN was founded to support the development of privacy-friendly technologies and raise awareness not only among software engineers.

read full article at IAPP

Feds Seek Advice on Privacy Tech Spending (!)

The National Privacy Research Strategy, or NPRS, "will establish objectives and prioritization guidance for federally funded privacy research, provide a framework for coordinating research and development in privacy-enhancing technologies, and encourage multidisciplinary research that recognizes the responsibilities of the government, the needs of society, and enhances opportunities for innovation in the digital realm," reads a request for information from the Networking and Information Technology Research and Development Program, published by the National Science Foundation last month.

read full article at Ecommerce Times

Data retention Directive abandoned in EU but Telcos in AU fear rushed data-retention laws

Rumours that Attorney-General George Brandis may look to introduce legislation to force telecommunications companies to retain customer data for up to two years as soon as October 20 are frightening, according to John Stanton, CEO of industry lobby group the Communications Alliance.

The organisation, as the representative group for the telecommunications industry, has been heavily involved in discussions with the Attorney-General's Department over the exact structure of a scheme that would force the ISPs to retain an as-yet-undefined set of customer data for access by government agencies such as the Australian Federal Police, Human Services, local councils, and the RSPCA for up to two years.

read full article at ZDnet

Following Apple And Starbucks, Amazon Now Faces European Commission Tax Probe

Amazon is now, following in the footsteps of Apple and Starbucks, facing a probe into its tax arrangements from the European Commission. Now that we’re seeing the details of these cases, of what the allegations are, it’s possible to offer a preliminary opinion as to what is actually going on here. Which is that this is all a great deal of fuss over not very much. This is a result of political pressure, nothing more, and it’s not going to change, except in the most trivial manners, the way that these companies operate in Europe.

read full article at Forbes

The Extraterritorial Scope of the “Right to Be Forgotten” and how this Affects Obligations of Search Engine Operators Located Outside the EU

Spiros Tassis and Margarita Peristeraki
European Networks Law & Regulation Quarterly 3/2014: pp. 244-252 [Case Note]

Annotation on the Judgment of the Court of Justice of 13 May 2014, in Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González

Electronic networks’ governance is becoming increasingly complex and constitutes a field of conflict between several jurisdictions, particularly the US and the EU. The information transferred through these networks is vast, mostly unfiltered and flows in an intangible area defined as “cyberspace”. The Court’s recent judgment in the Google case aims at setting the boundaries to what search engine operators can and cannot do in the EU when their activities have implications for data protection rules, by determining (i) the territorial scope of such rules, (ii) the characterization of the activity of an internet search engine operator and (iii) the relevance of the “right to be forgotten” in this context. In a nutshell, the Court found that when it comes to non-EU based search engine operators, the mere existence of an affiliated company in the EU that sells ads associated with the search engine giant creates a presence in this territory and a data processor within the scope of the relevant EU Directive.

full annotation at ENLR

Tuesday, October 7, 2014

Slowly but surely, standards on the way for Internet of Things (a battle between telecoms and tech companies?)

It looks like a battle is shaping up between the telecoms and the tech companies as to what kinds of standards to apply to the emerging Internet of Things.

As observed in a report by Daniel Thomas in The Financial Times, "an intense battle is developing between technology and telecoms groups" for market domination of the Internet of Things. Companies from across the spectrum, including Vodafone, Google and Arm, are vying for leading roles in the IoT market, which Gartner says will be worth $300 billion in the next six years. 

So, with all these vendors jumping into what looks like a lucrative space, will standards evolve to make it all work? Or will we finally get everyone on the same page, as we did with the Internet of Words and Pictures?

read full article at ZDnet

Telefónica to trial AT&T’s smart home Internet of Things platform

Telefónica has announced plans to bring a trial of US carrier AT&T’s connected home platform, “Digital Life”, to Europe. Digital Life allows customers to monitor domestic smart and connected devices such as intruder alarms, thermostats and ovens, and control them through mobile applications and other web based user interfaces.

AT&T will provide Telefónica with the necessary technical resources and software to enable Telefónica to operate the Internet of Things service in its domestic markets. The Digital Life platform will also be customised to show Telefónica branding, as well as handing over management and hosting of the service to the Spanish telco.

The President of AT&T’s Digital Life business, Kevin Peterson, believes that global distribution of the service will widen new market opportunities for industry OEMs.

read full article at BCN

EU's super-commish for tech: Geo-blocks on cat vids, music – NOT FAIR

Andrus Ansip, the new EU super-commissioner for all things digital, says he will work to completely abolish geo-blocking of media in Europe – and urged telcos to get on with pushing out high-speed mobile broadband.

What started out as a relatively boring and predictable hearing before the European Parliament on Monday took a turn for the interesting in the final minutes: the rather wooden Ansip took issue with incumbent telecoms companies for sitting back and not rolling out 4G.

“In some countries almost 90 per cent of the territory is covered by 4G LTE, in some other countries it is zero! They haven’t even started allocating that spectrum. Once again I think we have to talk about vested interests,” he said.

read full article at The Register

We Want Privacy, but Can’t Stop Sharing

"IMAGINE a world suddenly devoid of doors. None in your home, on dressing rooms, on the entrance to the local pub or even on restroom stalls at concert halls. The controlling authorities say if you aren’t doing anything wrong, then you shouldn’t mind.

Well, that’s essentially the state of affairs on the Internet. There is no privacy. If those creepy targeted ads on Google hadn’t tipped you off, then surely Edward J. Snowden’s revelations, or, more recently, Jennifer Lawrence’s nude selfies, made your vulnerability to cybersnooping abundantly clear.

You need only read George Orwell’s “1984” or watch the film “Minority Report” to understand how surveillance is incompatible with a free society. And increasingly, people are coming to understand how their online data might be used against them. You might not get a job, a loan or a date because of an indiscreet tweet or if your address on Google Street View shows your brother-in-law’s clunker in the driveway. But less obvious is the psychic toll of the current data free-for-all..."

read full article at NYTimes

Privacy issues raised over Singapore’s plan to use ‘smart’ road toll technology

Singapore’s Land Transport Authority (LTA) has shortlisted three consortia to tender for the development of the country’s next generation electronic road pricing system to be used on congested roads, based on global navigation satellite system (GNSS) technology. 

The LTA said an 18-month system evaluation test that ended in December 2012 showed “it is technologically feasible to develop a GNSS-based road pricing system... (to) overcome the constraints of physical gantries, which are costly and take up land space”.

However, concerns have been raised about how the technology might impact on privacy. In a statement issued in December 2013, the opposition Singapore Political Party expressed concern the satellite system would be used to track vehicles for "unwarranted surveillance".

read full article at Outlaw

"Feds only have themselves to blame for Apple and Google's smartphone encryption efforts"

For the past two weeks, federal agencies and the executive branch have launched a cacophony of critique of Apple and Google for bolstering the encryption on their users' smartphones.

That, the opposition camp says, will result in drug dealers, pedophiles, identity thieves, and other violent criminals evading capture, leading to an uptick in crime. That will affect millions of Americans who each year are classified as victims of theft and robbery, violence, and sexual crimes.
Made up of the FBI and the NSA, the outgoing Attorney General Eric Holder, and members of Congress, they are calling for laws to be changed, and Apple and Google to face sanctions for their privacy protections.

read full article at ZDnet

Big Tech pledges student privacy; critics scoff... (the right to be ... corrected)

Companies signing the pledge — including Microsoft, Amplify, Edmodo, Knewton and Houghton Mifflin Harcourt — will commit to clearly disclose what type of personal information they collect about students, and for what purpose. They will promise not to sell the information or use it to target advertising at students. They’ll pledge to let parents see their children’s records and correct any errors. 

read full article at Politico

Attorney General: Device Backdoors Should Be Left Open for the Police

The Attorney General Eric H. Holder Jr. spoke out yesterday about backdoors in consumer technology, claiming that they should be left open by technology firms so that law enforcement officials are never locked out during important investigations.

Speaking about new forms of encryption that could theoretically prevent police officers and other government officials from accessing personal data, he claimed that they could harm investigations of kidnappers and sexual predators, and in turn put children at increased risk.

read full article at Gizmodo

We are back!

Dear readers of this blog, 

After a long period of inactivity caused by summer laziness and vacations, some serious legal projects and the relocation of our law office to new premises, we are happy to announce that it's official... WE ARE BACK!


Thursday, July 17, 2014

Microsoft's Bing follows Google in offering Europeans the 'right to be forgotten'

Microsoft has started accepting requests from users in Europe who want to remove search links from Bing under a recent “right-to-be-forgotten” ruling by Europe’s top court.

The company has asked European residents, who want Microsoft to block search results that show on Bing in response to searches of their names, to fill up a four-part online form.

Besides the name and country of residence of the person and the details of the pages to be blocked, the form also asks if the person is a public figure or has or expects a role that involves trust, leadership or safety.

Microsoft does not guarantee removal of links after they are submitted for removal through the form. It will also consider other sources of information to verify or supplement what is provided in the form.

The information provided will help the company “consider the balance” between the applicant’s individual privacy interest and the public interest in protecting free expression and the free availability of information, in line with European law, Microsoft said.

The Court of Justice of the European Union ruled in May that people who want search engines to remove search results referring to their names can file a request directly with the search engine operator, which must evaluate the request. A refusal by the operator can be appealed in a court.

read full article at PC World