Thursday, July 17, 2014

Microsoft's Bing follows Google in offering Europeans the 'right to be forgotten'

Microsoft has started accepting requests from users in Europe who want to remove search links from Bing under a recent “right-to-be-forgotten” ruling by Europe’s top court.

The company has asked European residents, who want Microsoft to block search results that show on Bing in response to searches of their names, to fill up a four-part online form.

Besides the name and country of residence of the person and the details of the pages to be blocked, the form also asks if the person is a public figure or has or expects a role that involves trust, leadership or safety.

Microsoft does not guarantee removal of links after they are submitted for removal through the form. It will also consider other sources of information to verify or supplement what is provided in the form.

The information provided will help the company “consider the balance” between the applicant’s individual privacy interest and the public interest in protecting free expression and the free availability of information, in line with European law, Microsoft said.

The Court of Justice of the European Union ruled in May that people who want search engines to remove search results referring to their names can file a request directly with the search engine operator, which must evaluate the request. A refusal by the operator can be appealed in a court.

read full article at PC World

Big investors see cybersecurity as opportunity

Cyberattacks on U.S. businesses could be an opportunity for investors as companies spend money to upgrade their infrastructures, big-name money managers said on Wednesday at a conference geared to sharing potential blockbuster ideas.

Even U.S. Treasury Jacob Lew, speaking at the CNBC Institutional Investor Delivering Alpha conference, noted that such attacks are an immediate concern.

"Everyone in this room knows cyber intrusions are not some hypothetical event on the horizon," Lew said, calling them a threat to economic security.

That, in turn, means more companies will have to upgrade, adapt or otherwise evolve their systems to deal with the problem, investors said.

"Every business in the United States will have to spend more money to defend themselves," said Lee Ainslie, head of Maverick Capital. He feels that companies providing cybersecurity could grow.

Jim Breyer, the chief executive of Breyer Capital, also listed cybersecurity and messaging as among his most interesting focuses at the conference, as well.

read full article at Chicago Tribune

UN Human Rights Report and the Turning Tide Against Mass Spying

The UN High Commissioner on Human Rights has released an excellent report today on the right to privacy in the digital age, blasting the digital mass surveillance that has been taking place, unchecked, by the U.S., the U.K, and other world governments. The report is issued in response to a resolution passed with unanimous approval by the United Nations General Assembly in November 2013. That resolution was introduced by Brazil and Germany and sponsored by more than 50 member states.

This report turns the tide in the privacy debate at the United Nations and opens the door for more substantive scrutiny of states’ surveillance practices and their compliance with international human rights law. The report elaborates on issues EFF has long championed, and which are deeply integrated into our 13 Principles and its legal background paper, which have been signed by more than 400 organizations and 350,000 individuals.

read full article at EFF

Microsoft Next To Comply With Europe’s Search Privacy Ruling

Microsoft has followed Google’s lead and launched an online webform where European users of its Bing search engine (all few of them) can make a request for information displayed in search results triggered by a search for their name to be de-indexed — if that information is outdated or irrelevant.

The move follows the so-called ‘right to be forgotten’ ruling back in May by Europe’s top court, the ECJ, which found that search engines are data controllers and therefore should have to comply with existing European data protection legislation.

Google was faster off the mark to respond to the ruling — which was immediately enforceable — launching its rtbf removal form at the end of May.

It’s since fielded more than 70,000 requests from private individuals wanting links about them to be de-indexed.

A week ago Redmond said it was working on its own implementation to comply with the ruling – and now has a formal process in place.

Microsoft’s webform is a little different to Google’s. For instance, it includes direct questions asking the rtbf requester whether they are a public figure, and also whether they more broadly have a role in the community that involves “leadership, trust or safety” — with given examples of this category including ‘teacher, clergy, community leader, police, doctor’.

read full article at TechCrunch

Corporate colonisation of cyberspace

I love the fact that every time I buy a bottle of Fairy Liquid, I am helping overthrow a dictator somewhere around the world. Proctor & Gamble, the company behind Fairy, is one of the biggest advertisers on Facebook, helping to generate the $10bn a year of advertising revenue that keeps the social networking site alive. Facebook is now one of the primary means by which public uprisings are being organised. So, my little over-priced bottle of soap is doing its bit to change the world.

It is perverse to think that tools like Facebook, Twitter and free email services like Gmail, which have arguably done more than any other to facilitate the political activism of the last decade, are almost entirely reliant on paid advertising. Social media and web 2.0 is the contemporary soapbox. But corporate influence is no longer limited to the label on the orator's crate. 
Every 20 minutes on Facebook, 3 million messages are sent. Almost half of 18- to 34-year-old Facebook users check the site when they wake up; 28 percent before they get out of bed.

The new "public spaces" we have created online are an increasingly important part of our everyday lives and our societies' shared infrastructure; but they are also privately run. And the implications of this go far beyond attempts to influence which brand of soap we purchase.

There is no greater threat to the internet's potential to radically enhance our public sphere than the corporate colonisation of cyberspace. Yes, the internet makes accessible more information from a wider array of sources and to a greater number of people more easily than any instrument of information and communication in history. As a global, decentralised, two-way medium that is not owned by any one corporation or government, it allows for relatively unfettered public communication. 
With so much material available, what matters most is what gets our attention online. Publishing views on the internet is easy; getting them noticed is not.

read full article at AlJazeera

Tuesday, July 15, 2014

Minister Says U.K. Government Opposes Right to Forget Principle in EU Regulation

The U.K. government is against the inclusion of a right to be forgotten principle in the proposed European Union data protection regulation, U.K. Justice and Civil Liberties Minister Simon Hughes told a U.K. Parliament subcommittee July 9.

 The House of Lords Affairs, Health and Education European Union Sub-Committee met to discuss the consequences of the European Court of Justice's May 13 ruling that data subjects can in certain circumstances require Google and other Internet search engines to remove links to websites containing personal information about them.

 The U.K. government plans to reiterate its opposition to include the right to be forgotten principle in the European Commission's proposed data protection regulation, which would replace the EU Data Protection Directive (95/46/EC), he said.

read full article at Bloomberg

Net-Neutrality Proposal Faces Public Backlash

The Federal Communications Commission's net-neutrality rules are giving Janet Jackson and her infamous "wardrobe malfunction" a run for its money.
The agency has received more than 677,000 comments so far on its proposed rules for how broadband providers can treat content traveling over their networks.

 A random sampling of the public's input suggests that the agency's chairman, Tom Wheeler, has his work cut out for him in selling his plan.

Mr. Wheeler wrote the rules, which were designed to enforce net neutrality, but leave the door open for content companies to cut deals with broadband providers for preferential treatment. His proposal has left few satisfied, from supporters of net neutrality to conservatives opposed to any rules whatsoever.

 read full article at Wall Street Journal 

Open letter on data retention and investigatory powers Bill ("DRIP") from UK privacy law academics

"On Thursday 10 July the Coalition Government (with support from the Opposition) published draft emergency legislation, the Data Retention and Investigatory Powers Bill (“DRIP”). The Bill was posited as doing no more than extending the data retention powers already in force under the EU Data Retention Directive, which was recently ruled incompatible with European human rights law by the Grand Chamber of the Court of Justice of the European Union (CJEU) in the joined cases brought by Digital Rights Ireland (C-293/12) and Seitlinger and Others (C-594/12) handed down on 8 April 2014.
In introducing the Bill to Parliament, the Home Secretary framed the legislation as a response to the CJEU’s decision on data retention, and as essential to preserve current levels of access to communications data by law enforcement and security services. The government has maintained that the Bill does not contain new powers.
On our analysis, this position is false. In fact, the Bill proposes to extend investigatory powers considerably, increasing the British government’s capabilities to access both communications data and content. The Bill will increase surveillance powers by authorising the government to; ..."

read full article at PanGloss

Saturday, July 12, 2014

EU VAT rules change in 2015: Establishing your business in Switzerland?

Currently, telecommunications and broadcasting companies as well as providers of electronic services to consumers (B2C) are at a disadvantage when it comes to VAT if they are established outside the EU (e.g., in Switzerland). As from 1 January 2015, this will no longer be the case.

Current state

EU telecommunications and broadcasting companies as well as providers of electronic services to EU consumers (B2C) are taxed where the supplier is established; if provided by a non-EU business, they are taxed where the EU consumers are established or the services are used and enjoyed. For example, a Luxembourg supplier has to charge 15% Luxembourg VAT (lowest rate in the EU) to EU consumers regardless where they are established, while a Swiss supplier has to charge the VAT of the EU Member State where EU consumers are domiciled or the services are used and enjoyed (i.e. anywhere from 15% to 27%). These discrepancies, combined with compliance constraints, imply that suppliers are reluctant to establish their businesses outside the EU (e.g. Switzerland).

Changes as of 1 January 2015

As from 1 January 2015, EU businesses and non-EU businesses will be treated equally from a VAT point of view. Indeed, telecommunications, broadcasting and electronically supplied services provided to EU consumers will be taxed where the consumers are domiciled, regardless of where the suppliers are established. In the above example, the Hungarian customer will pay 27% Hungarian VAT on the received services whether it is provided by a Luxembourg or a Swiss supplier. Along with the change of the place-of-supply rules, a “Mini One Stop Shop” will be introduced, giving both EU suppliers and non-EU suppliers the possibility to register for VAT in a single EU Member State through which they will account for VAT on services to customers in other EU Member States.

read full article at KPMG

FTC Sues Amazon Over Billing for Childrens' In-App Purchases

The FTC has filed a lawsuit alleging that ", Inc. has billed parents and other account holders for millions of dollars in unauthorized in-app charges incurred by children." FTC Chairwoman Edith Ramirez said, "Amazon's in-app system allowed children to incur unlimited charges on their parents' accounts without permission. Even Amazon's own employees recognized the serious problem its process created." The FTC recently settled similar charges with Apple. In that case, the FTC charged Apple with "billing consumers for millions of dollars of charges incurred by children in kids' mobile apps without their parents' consent." Under the terms of the settlement, Apple must provide a refund for affected consumers and must change its billing practices to ensure that it has obtained express, informed consent from consumers before charging them for items sold in mobile apps. Previously, EPIC filed a complaint with the FTC over Amazon's collection of children's data. EPIC explained that Amazon was violating the Children's Online Privacy Protection Act by allowing children to post content, including personally identifiable information, without their parents' permission. EPIC currently has several complaints pending with the FTC. For more information, see EPIC: FTC

read full article at EPIC 


5 online privacy tips from an ex-FBI agent

1. Change passwords once a month.
2. Give the wrong contact information at checkout.
3. Need photo ID? Don't show your driver's license. 
4. No banking apps. 
5. Keep one email account for junk mail only.

read full article at CNN

Google to Tour Europe to Discuss Privacy

The search engine company will soon send a group of executives and legal experts, including the company’s executive chairman, Eric E. Schmidt, around the region to explain Google’s stance on online privacy.

The series of meetings, which is expected to start as early as September and last up to nine months, will form part of the company’s response to a recent European court ruling that gives people the right to ask that links about themselves be removed from certain Internet searches.

On Friday in Europe, Google opened a website for its 10-person privacy advisory group. The site includes an area where people can give suggestions for how the company should respond to the court’s decision.

The privacy committee includes Mr. Schmidt and Google’s top lawyer, David C. Drummond. Other members are Jimmy Wales, the founder of Wikipedia, who has been a vocal critic of Europe’s so-called right to be forgotten, and several European data protection experts, including José Luis Piñar, a former Spanish privacy regulator.

read full article at NY Times 

Austria: Data retention provisions no longer apply

The Constitutional Court of Austria ('the Court') declared - on 27 June 2014 - data retention laws in Austria unconstitutional. Austria is the first EU Member State (MS) to annul data retention laws following the European Court of Justice (CJEU)'s decision to annul the Data Retention Directive (2006/24/EC) on 8 April 2014.

 The Court set aside the data retention provisions in the Austrian Telecommunications Act, the Police Authorisation Act and the Criminal Procedure Act. Companies now would only be obliged to retain data for specific purposes provided by law, such as billing of fault recovery.

''There is no requirement and legitimisation for retaining data beyond the limits provided by the general data provisions [and] this would also apply to data retained prior to the ruling," Dietmar Huemer, Attorney-at-Law at LEGIS, told DataGuidance. "The [data retention] provisions have been vacated as of 1 July 2014. The general data protection provisions apply."

read full article Data Guidance 

Friday, July 11, 2014

Mergers: Commission approves acquisition of ONO by Vodafone

The European Commission has cleared the proposed acquisition of Grupo Corporativo ONO ("ONO") by Vodafone Group Plc under the EU Merger Regulation. Both companies provide fixed and mobile telecommunications services in Spain. The Commission concluded that the transaction would not raise competition concerns, as the parties' activities are largely complementary: ONO's main activity is related to fixed telecoms, whereas Vodafone is mainly active in mobile telecoms.

Vodafone and ONO's activities overlap in a number of markets in the fixed and mobile telecommunications markets in Spain. However, the Commission found that the impact of the transaction on these markets is likely to be limited as the combined entity would continue to face significant competition from other market players, such as the incumbent operator Telefónica, and other operators such as Orange and Jazztel.

The transaction also gives rise to a number of vertical and conglomerate relationships in the fixed and mobile telecommunication markets in Spain, in particular in relation to the provision of bundled multiple play services.  
However, the Commission's investigation indicated that the merged entity will not be able to shut out fixed or mobile operators from the markets for multiple play services, because of the availability of alternative operators and the regulatory obligations in relation to wholesale access on mobile and fixed services.

The Commission therefore concluded that the transaction would not significantly impede effective competition in Spain.

read full statement at European Commission

Mergers: Commission clears acquisition of E-Plus by Telefónica Deutschland, subject to conditions

1) First, Telefónica offered a package of commitments aimed at ensuring the short-term entry or expansion of one or several MVNOs which will compete with the merged entity. MVNOs offer mobile telecoms services to consumers through access to the network of MNOs. Telefónica commits to sell, before the acquisition is completed, up to 30% of the merged company's network capacity to one or several (up to three) MVNO(s) in Germany at fixed payments. The capacity is measured in terms of bandwidth and the MVNO entrants will obtain a dedicated "pipe" from the merged entity's network for voice and data traffic. This model is more effective than the typical pay-as-you-go model that MVNOs and Service Providers currently use in Germany - and more generally in Europe - and under which they pay for network access on a per usage basis. The Commission's investigation in this case also showed that the model is viable for the German telecoms market. Indeed, with a fixed capacity that they committed to pay upfront at their disposal, the MVNOs will have increased incentives to fill the capacity they have committed to purchase by offering attractive prices and innovative services.

2) Second, Telefónica commits to offer to divest radio wave spectrum and certain assets either to a new MNO entrant or subsequently to the MVNO(s) who will have taken up the network capacity thanks to the first part of the commitments. These assets, in conjunction with the upcoming frequency auction to be organised by the German telecoms regulator, could facilitate the entry or enable the development of a new MNO into the German market in the future.

3) Third, Telefónica commits to extend existing wholesale agreements with Telefónica's and E-Plus' partners (i.e. MVNOs and Service Providers) and to offer wholesale 4G services to all interested players in the future. In addition, Telefónica commits to improve its wholesale partners' ability to switch their customers from one MNO to another.

read full statement at European Commission 

Public policies in digital markets: reflections from competition enforcement

" ... For my keynote address, I have selected a topic that can show the interplay between competition policy and other policy domains. I am referring to the challenges posed by the digital economy and in particular by the rise of dominant platforms.

The most talked-about investigation we currently have in this area involves Google. Apart from the wide debate it has sparked, this investigation shows that competition law tools are flexible enough to deal with competition concerns in industries where technology advances rapidly.

However, the Google investigation has also shown that one competition case should not be used as a proxy to address wide-ranging issues going beyond the scope of competition policy raised by the business practices of international, unregulated, and dominant platforms.

So, on the basis of our practice, I would like to reflect on the challenges posed by the rise of the digital economy, the array of public policies required to address them, and the proper place of competition control among these policies.

I believe EU public policy should pursue two main objectives in digital industries: creating the best conditions for them to flourish in Europe and, at the same time, preventing the potential risks that powerful platforms pose for businesses, users and society at large..." (I wonder which are these "powerfull platforms...)

read full speech at European Commission

Berlin tells CIA station chief to leave in spy scandal (a sense of coldwar...)

Germany told the CIA station chief in Berlin to leave the country on Thursday (10 July) in a dramatic display of anger from Chancellor Angela Merkel at the behaviour of a close ally after officials unearthed two suspected US spies.

The scandal has chilled relations with Washington to levels not seen since Merkel's predecessor opposed the US invasion of Iraq in 2003. It follows allegations that Merkel herself, who grew up in Stasi-ridden East Germany, was among thousands of Germans whose mobile phones have been bugged by American agents.

"Spying on allies ... is a waste of energy," the chancellor said in her most pointed public remarks yet on the issue. "We have so many problems, we should focus on the important things."

read full article at EurActiv

US 'willing to talk' to Germany in latest spy dispute (define "talk"...)

German foreign minister Frank-Walter Steinmeier will hold talks with his US counterpart, John Kerry, on the new spy dispute in the coming days, the US State Department has said.

Germany on Thursday (10 July) told a senior representative of the US intelligence service, the CIA, to leave the country - a move one step short of a full expulsion.

The decision comes after two German officials - one from the German intelligence service BND and one in the defence ministry - were put under investigation for spying and selling secrets to the US intelligence services.

read full article at EU Observer

Processor BCR have a bright future (interesting view on enterprise self-regulation...)

Last month, the Article 29 Working Party sent a letter to the President of the European Parliament about the future of Binding Corporate Rules for processors (BCR-P) in the context of the EU’s ongoing data privacy legislative reform.

The letter illustrates the clear support that BCR-P have – and will continue to have – from the Working Party.  Whilst perhaps not surprising, given that the Working Party originally “invented” BCR-P in 2012 (having initially invented controller BCR way back in 2003), the letter affirms the importance of BCR-P in today’s global data economy.

“Currently, BCR-P offer a high level of protection for the international transfers of personal data to processors” writes Isabelle Falque-Pierrotin, Chair of the Working Party, before adding that they are “an optimal solution to promote the European principles of personal data abroad.” (emphasis added)

read full article at PrivacyLawBlog

European Companies See Opportunity in the ‘Right to Be Forgotten’ (that is the right spirit...)

Days after Europe’s highest court said people could ask search engines to remove some links about themselves, Andy Donaldson started to receive phone calls.

 Mr. Donaldson’s British company, Hit Search, had previously created a service for companies and individuals to monitor how and where they were mentioned across the Internet. Now, the callers wanted to know how they could take advantage of the court’s unexpected decision. And Hit Search — like a growing number of European companies — suddenly saw the potential to profit from Europe’s “right to be forgotten” ruling.

 “It’s a whole new business opportunity for us,” said Mr. Donaldson, a director at the company. “People want to protect how they appear in search results.” He said prices start at 50 pounds, or $85, a month to monitor how often someone is mentioned online and request that links be removed.

read full article at NewYorkTimes 


More than a third of security pros sending sensitive data without encryption (trust noone...)

Despite headline-making breaches that have called attention to the importance of data encryption, nearly 36% of IT security professionals admit to sending sensitive data outside of their organisations without using any form of encryption to protect it, a new survey from Voltage Security reveals.

 'This statistic is cause for alarm, particularly given that encryption provides protection for companies against cyber criminals, competing companies and even governments; it is the key to keeping sensitive data away from prying eyes,' said Terence Spies, CTO at Voltage Security. 'Encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it.'

 The survey was conducted at a recent European IT security exhibition by data-centric security specialist Voltage Security, and looked at the attitudes of more than 200 IT professionals towards encryption, big data security and EU data privacy regulations.

read full article at InformationAge

Microsoft Taking Steps to Comply With the Right to be Forgotten

Microsoft has kept its head down since a European court in May ruled that people could ask Internet search services to delink personal information.

But the company is about to invite a lot more attention.

Microsoft plans to follow the lead of Google, which responded to the court ruling by creating an online form that lets individuals request removal of links to material they say violates their online privacy.

read full article at NYTimes

Thursday, July 10, 2014

Status of Location Privacy Legislation in the States

In the wake of the NSA revelations, there has been an avalanche of state bills requiring law enforcement to obtain a probable cause warrant before tracking an individual’s location in an investigation. Most state legislators know they can’t control the NSA—but they can control their state and local law enforcement, which are engaging in some of the same invasive practices. The trend actually started in the wake of the ACLU’s nationwide public records requests on location tracking and the 2012 U.S. v. Jones decision, when Montana and Maine enacted the first two location tracking laws in the country—the recent revelations have simply increased the momentum.

 Working closely with our lobbyists in state capitols around the country, we’ve been tracking this activity and working hard to make sure these privacy-protective bills become law. The chart below shows the current status of state legislation as we understand it. We will keep this chart up-to-date as we receive new information.

read full article atACLU

Wednesday, July 9, 2014

Franken: Net neutrality is ‘First Amendment issue of our time’

Making sure all surfers on the Web enjoy the same speed no matter which website they visit is a fundamental free speech issue, Sen. Al Franken (D-Minn.) said on Tuesday.

“It is absolutely the First Amendment issue of our time,” Franken said at a Capitol Hill forum sponsored by the advocacy group Free Press.

“Do we want deep-pocketed corporations controlling what information you get at what speed?” he added.

Franken, who has been a critical supporter of the concept of net neutrality, said that other members of Congress simply don’t understand the way the Internet works.

“This has been the architecture of the Internet from the beginning, and everyone should understand that,” he said.

“Some of my colleagues in the Congress don’t understand that. ... You just want to go ‘Oh, come on,’ ” Franken said. “ 'Really, don’t get up and talk unless you know something.' ”

Many Republicans in Congress have opposed new net neutrality regulations, which they warn amount to government intervention in an open marketplace.
But Franken, up for reelection this year, said they have it all backwards.

read full article at The Hill

Tuesday, July 8, 2014

"If you care about online privacy, then the NSA cares about targeting you" (ooops... time to end this blog!)

If you care about online privacy, then the NSA cares about you…about spying on you. At least that is the gist of a story that privacy experts believe originated from a second NSA leaker. You may not have the required "balls of steel to operate a Tor exit node," but a new report based on a NSA-flavored leak shows that using Tor at all, or simply visiting privacy-related websites like the Tor Project (The Onion Router), Tails (The Amnesic Incognito Live System) and the Linux Journal paints a bull’s-eye on your back and marks you as a “target” for surveillance.

Thanks to Edward Snowden, we know the NSA program XKeyscore is devoted to collecting “nearly everything a user does on the Internet.” But now XKeyscore rules have been leaked, “top secret NSA source code” rules that decide who gets targeted for indefinite surveillance….and that means you if you care about online privacy. The story by Jacob Appelbaum, John Goetz, Lena Kampf first appeared in German on Tagesschau, but researchers then did an English version write-up about the investigation into the NSA targeting the privacy-conscious:

read full article at ComputerWorld 

Government right to fire civil servant for abusing Internet, privacy breach: tribunal

A labour relations tribunal has upheld the firing of a civil servant who used his government computer to indulge his car obsession, complain about his job, store electronic music files, and attempt to cheat on staffing competitions.
In a recent decision, the Public Service Labour Relations Board said the government had just cause to fire Marc Gravelle, a human resources assistant in the Department of Justice, in July 2011.

Gravelle had argued that the government did not prove its case against him and that his abrupt dismissal ignored the principle of progressive discipline.

Adjudicator Renaud Paquet, however, concluded that Gravelle had severed the bond of trust that must exist between the government and one of its employees.

“As a human resources assistant, he had access to confidential documents related to competitive processes,” Paquet ruled.

“He used that privilege for his own purposes and sent confidential documents to his home address. That constitutes a lack of integrity and very serious misconduct.”

 read full article at Otawa Citizen 

"Privacy watchdog EPIC says Facebook ‘messed with people’s minds,’ files FTC complaint" (!)

How can you leverage mobile to increase profitability for your company? Find out at MobileBeat, VentureBeat's 7th annual event on the future of mobile, on July 8-9 in San Francisco. There are only a few tickets left!
Last Thursday, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission regarding Facebook’s emotional contagion study.
The privacy center says that the psychological study fails to comply with an FTC consent order from 2012 and violates section 5 of the Federal Communications Trade Act.

“The company purposefully messed with people’s minds,” says the EPIC complaint.

Facebook conducted a study back in 2012 wherein it altered the Facebook news feeds of nearly 700,000 users to see how they would react to viewing a series of positive or negative posts. The results were recently published in the 

Proceedings of the National Academy of Sciences by researchers at Cornell University and University of California, San Francisco.

read full article at VentureBeat

N.S.A. Collecting Millions of Faces From Web Images (smile...)

The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents.

The spy agency’s reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. 

read full article at NYTimes

Officials Defend N.S.A. After New Privacy Details Are Reported

The Obama administration on Sunday sought to play down new disclosures that the National Security Agency has swept up innocent and often personal emails from ordinary Internet users as it targets suspected terrorists in its global surveillance for potential threats.

Administration officials said the agency routinely filters out the communications of Americans and information that is of no intelligence value. The statements came in response to a report by The Washington Post, based on a trove of conversations intercepted by the N.S.A.

read full article at NYTimes

Industry Leaders to Establish Open Interconnect Consortium to Advance Interoperability for Internet of Things

Technology industry leaders Atmel Corporation, Broadcom Corporation, Dell, Intel Corporation, Samsung Electronics Co., Ltd., and Wind River, are joining forces to establish a new industry consortium focused on improving interoperability and defining the connectivity requirements for the billions of devices that will make up the Internet of Things (IoT). The Open Interconnect Consortium (OIC) is focused on defining a common communications framework based on industry standard technologies to wirelessly connect and intelligently manage the flow of information among personal computing and emerging IoT devices, regardless of form factor, operating system or service provider.

Member companies will contribute software and engineering resources to the development of a protocol specification, open source implementation, and a certification program, all with a view of accelerating the development of the IoT. The OIC specification will encompass a range of connectivity solutions, utilizing existing and emerging wireless standards and will be designed to be compatible with a variety of operating systems.

Leaders from a broad range of industry vertical segments -- from smart home and office solutions to automotive and more -- will participate in the program. This will help ensure that OIC specifications and open source implementations will help companies design products that intelligently, reliably and securely manage and exchange information under changing conditions, power and bandwidth, and even without an Internet connection.

The first OIC open source code will target the specific requirements of smart home and office solutions. For example, the specifications could make it simple to remotely control and receive notifications from smart home appliances or enterprise devices using securely provisioned smartphones, tablets or PCs. Possible consumer solutions include the ability to remotely control household systems to save money and conserve energy. In the enterprise, employees and visiting suppliers might securely collaborate while interacting with screens and other devices in a meeting room. Specifications for additional IoT opportunities including automotive, healthcare and industrial are expected to follow.

"Open source is about collaboration and about choice. The Open Interconnect Consortium is yet another proof point how open source helps to fuel innovation," said Jim Zemlin, executive director of The Linux Foundation. "We look forward to the OIC's contribution in fostering an open environment to support the billions of connected devices coming online."

read full article at WSJ

Thursday, July 3, 2014

Factsheet: EU-US Negotiations on Data Protection

Since 29 March 2011, the European Union has been negotiating with the United States government an international framework agreement (so-called ‘Data Protection Umbrella Agreement’) in order to protect personal data transferred between the EU and the U.S. for law enforcement purposes. This includes cases in which personal data is sent from the EU to the U.S. for the prevention, detection, investigation and prosecution of criminal offences, including terrorism. This factsheet takes stock of the ongoing negotiations. 

read full article at European Commission

Wearable technology – the future of privacy

 (UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year). 

Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.

If you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route.

This is uncontroversial if the device simply creates the data and lets you view it on, say, a computer at home. However, further functions might involve wider sharing of your personal data, for instance, checking how your performance has improved compared to others. Some functions, such as plotting your route on a map after your run, might be more efficiently performed using an online service, even though it might not be strictly necessary to do this.

read full article at ICO Blogs

ISPs take legal action against GCHQ for 'attacking international infrastructure'

A coalition of international internet service providers (ISPs) and European hackers have filed a legal complaint against GCHQ for their “attacking and exploitation of network infrastructure”.

The complaint, lodged with the Investigatory Powers Tribunal, claims that the British spy agency’s actions are “not only illegal, but are destructive [and] undermine the goodwill the organisations rely on.”
The complaint has been filed by Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May First/People Link (US), the Chaos Computer Club (Europe’s largest association of hackers) and Privacy International.

read full article at  The Indepedent

"There is no right ‘to be forgotten’ by internet search engines" (no oblivion ...)

Case C-131/12: Google Spain SL & Google Inc. v Agencia Española de Protección de Datos (AEPD) & Mario Costeja González – read Opinion of AG Jääskinen

This reference to the European Court of Justice (CJEU) concerned the application of the 1995 Data Protection Directive  to the operation of internet search engines. Apart from demonstrating the many complications thrown up by this convoluted and shortsighted piece of regulation, this case raises the fascinating question of the so-called right to be forgotten, and the issue of whether data subjects can request that some or all search results concerning them are no longer accessible through search engine.

All of these questions are new to the Court.

The referral arose out of a complaint made by the data subject about  announcements published some 15 years ago in the press and on the internet about the forced sale of his property following bankruptcy. 

read full article at UK Humans Right Blog 

Wednesday, July 2, 2014

Data protection - what should be public and what should be private?

Journalists are continually stymied by companies, corporations, councils, government institutions and individuals who cite the data protection act when refusing to provide information.

Many of them appear to know little about the DPA, simply employing it as a convenient way to avoid media scrutiny.

It has tended to tip the balance between the public's right to know and the protection of privacy in favour of the latter.

There is a wider context too. In May, the European Union's court of justice delivered what has been described as a game-changing judgment in a privacy test case.

In recognising a "right to be forgotten", it ruled that Google must delete "inadequate, irrelevant or no longer relevant" data from its search results when a member of the public requests it. The judgment raises serious implications for online publishers.

read full article at The Guardian

Facebook faces ICO probe over controversial user experiment (better late than ...)

FACEBOOK faces a probe from the UK's Information Commissioners Office (ICO) over its controversial user experiment, with the watchdog set to investigate whether the social network broke the law.

The Financial Times has heard from the ICO that it will examine Facebook's user experiment, which saw it manipulating News Feeds, to see whether the firm has broke the law. An ICO spokesperson told the newspaper that "it was too early to tell exactly what part of the law Facebook may have infringed."

It seems Facebook's user study could get it into a fair bit of bother, as on Tuesday it was revealed that the firm added a "research" clause to its terms and conditions (T&Cs) four months after it began manipulating what users saw on the social network.

read full article at The Inquirer

€5 billion public-private partnership on electronics launched by European Commission

The European Commission today launched a €5 billion public-private partnership - ECSEL - to boost Europe’s electronics design and manufacturing capabilities. This initiative is the core of the Electronics Strategy for Europe to mobilise €100 billion in private investments and create 250,000 jobs in Europe by 2020. At the same time, the Commission received the final recommendations of the Electronics Leaders Group, CEOs from the largest electronics companies in Europe, for the concrete and immediate implementation of the strategy.

Vice-President of the European Commission @NeelieKroesEU said: "We need to join up our efforts if we are to win back and defend a leading position for Europe. I am happy that this partnership is now active - it shows that the EU and Member States can work together quickly when there is a clear case for action. The regulation to set it up was approved in less than a year!"
Time to ECSEL

The EU will invest some €1.18 billion in the Electronic Components & Systems for European Leadership (ECSEL) Joint Technology Initiative (JTI). ECSEL will help industry launch new pilot projects and build on the €1.79 billion already invested in existing pilot lines and demonstrators. These projects bring together European manufacturers, technology companies, chip designers, software developers, researchers and universities at the early stages of product and service development, bringing research closer to market.

read full article at European Commission

Tuesday, July 1, 2014

Patents Are Eating the World and Hurting Innovation (not all, but many...)

It’s been a busy month for intellectual property. In late May, the U.S. Senate failed to pass a reform bill aimed at curbing the influence of patent trolls. In early June, Elon Musk announced that Tesla would not initiate lawsuits with any firm that used its patents “in good faith.” Last week, the U.S. Supreme Court issued a ruling limiting the scope of software patents.

The backdrop for all of it — and the reason why so many companies ought to be paying attention — is the explosion of patent litigation since the 1980s, illustrated below:


That chart is also key to understanding Tesla’s decision to share its patents in order to grow the electric vehicle industry, as I discussed today with Orly Lobel of University of San Diego and James Bessen of BU. (You can watch the recording of our conversation at the bottom of this post.)

“What Musk has said is basically these patents aren’t very valuable to us in terms of keeping other electric vehicles out of the marketplace,” Bessen explained. “But he’s hanging on to them, and what he’s talking about there is that they may be valuable in defensive terms, if other firms come after him and sue Tesla.”

In other words, the value of patents in an increasing number of cases is merely to keep from getting sued by someone else with patents.

read full article at Harvard Business Review

"Data protection key to cloud in financial services: CIO" (go Europe ... go!)

Direct insurance business launched in Singapore in 2010, aiming to disrupt traditional Asian insurance models, bypass agents, and deal direct with the customer.  After the successful launch, it expanded into Hong Kong in 2012, and Thailand the following year.  The acquisition by specialist insurer, Hiscox, at the end of Q1 2014, signalled the start of a new chapter in's development.

Following the acquisition, Managing Director Simon Birch reflected in a blog post on the initial aims of the business, and made clear how important IT was to the success of the business model.  ''We set to work on building from scratch a company with world-class service processes, segmentation and IT that would out-do the old incumbents who were dependent on legacy systems and traditional processes."

ZDNet recently caught up with CIO Jean-Marc Henaff, the man responsible for the world-class IT that was to "out-do the old incumbents," to talk about where cloud fits in the company's strategy.

read full article at ZDNet

France's burqa ban upheld by human rights court

Judges at the European court of human rights (ECHR) have upheld France's burqa ban, accepting Paris's argument that it encouraged citizens to "live together".

The case had been brought by an unnamed 24-year-old French citizen of Pakistani origin, who wears both the burqa, covering her entire head and body, and the niqab, leaving only her eyes uncovered.

She was represented by solicitors from Birmingham in the UK, who claimed the outlawing of the full-face veil was contrary to six articles of the European convention. It was, they argued, "inhumane and degrading, against the right of respect for family and private life, freedom of thought, conscience and religion, freedom of speech and discriminatory".

read full article at Guardian

Commission requests Belgium to comply with EU telecoms law

The Commission has decided to request Belgium to adapt Belgian rules regarding the independence of the Belgian Institute for Post and Telecommunications (BIPT) - the National Regulatory Authority (NRA) – to ensure their compliance with EU telecoms legislation.

read full article at European Commission

"Net Neutrality: Is It About Competition, or About ‘Everything’?" (or its about regulating last mile?)

The way FTC commissioner Joshua D. Wright sees it, the issue of net neutrality is fundamentally about competition. Ask Columbia Law School professor Tim Wu, though, and he’ll tell you it’s about much more than that.

 The disagreement cropped up during a House Judiciary subcommittee hearing on whether antitrust law would be a better mechanism for enforcing an open Internet framework than regulation by the FCC.

 “Net neutrality is about the fear that broadband providers will enter into business arrangements that disadvantage certain content providers, harm competition and thereby leave consumers and Internet users worse off,” said Wright, who was a law professor at George Mason University before joining the FTC and also has his Ph.D. in economics.  In his prepared remarks, he said enforcing existing antitrust law would better serve consumers in the broadband market. Wright has previously argued that the FTC is well-suited for net neutrality oversight.

 “I think the debate is about how competition in the broadband sector impacts Internet users,” Wright told Technocrat after the hearing. And in that sense, the “net neutrality debate is fundamentally one about competition,” he said.

 But Wu argues that the issue’s about much more than competition. “It’s about everything,” he said.

read full article at 

"Huge cuts in mobile data roaming price caps from 1 July – a drop of over 50% from last summer!" (more reductions ahead...)

It's a big summer sale courtesy of the European Commission! From 1 July 2014, the EU will cut the price caps for data downloads by more than half: down from 45 cents per megabyte to 20c/MB. It will become even cheaper to use maps, watch videos, check mails and update social networks while travelling across the EU. 

read full article at European Commission

Hong Kong’s privacy chief amplifies call for Google to extend ‘right to be forgotten’

The privacy chief has renewed his call for Google to provide its "right to be forgotten" globally - including in Hong Kong - as international pressure mounts on the internet search giant to apply the new safeguard beyond Europe.

Allan Chiang Yam-wang called on Google to pioneer a "borderless service" and adopt a "non-discriminatory approach" to applying the privacy right.

"We now live in a global village. … There must be a significant number of UK passport-holders among the Hong Kong population," Chiang said yesterday "Could they not invoke the EU legislation and exercise their right to be de-indexed?" he asked.

read full article at South China Morning Post