According to a survey carried out by German IT industry lobby group BITKOM, 23% out of 1000 German respondents would accept to have a microchip implanted in their body if that would bring concrete benefits from it.The survey was meant to show the increase of the division between real life and the virtual world, as one of the themes of the CeBIT technology fair having taken place in Hanover between 2 and 6 March 2010.However, the study findings are debatable as the respondent sample was not only small but also taken from a special pool (CeBIT visitors who are probably IT inclined anyway). And one must not overlook the fact that 77% of the study respondents were, in fact, against the respective technology. In fact 72% stated they wouldn’t “under any circumstances” allow electronics in their body.About 16% of the respondents said they would wear an implanted chip in order to be saved faster by emergency services in case of a fire or accident and 5% would be willing to have an implant to make their shopping easier.”This is of course an extreme example of how far people can imagine networks going,” said BITKOM chief Professor August-Wilhelm Scheer during CeBIT who added that implanting chips into humans was going to become commonplace. “Some developments can already be seen. CDs and DVDs are going to disappear as material sources of information. Wallpaper will be

On 6 December 2013, the EU justice ministers took again a step back in adopting the EU Data Protection Regulation.The day was considered by EU commissioner for justice, Viviane Reding as a disappointing one for data privacy. What was this time? “The ministers did not want to make hasty decisions,” Lithuanian Justice Minister Juozas Bernatonis told reporters. The issue having caused the delay seems to be the so-called one-stop shop principle which harmonizes decision-making across the EU.Hubert Legal, head of the legal service for the European Council said the one-stop shop rule undermined citizens’ human rights. “The problem is the results you get in terms of respecting the functioning of justice and people’s rights is actually a very bad outcome a very bad result and as your legal adviser I have to tell you it’s a bad outcome.” Mr Legal believes that under the one-stop-shop system, EU citizens whose data had been mishandled by a company based in another member state would face linguistic and financial barriers discouraging them from going to court.Ms Reding reacted by claiming that talks should now be at a “political” rather than “legal” stage, drawing attention on the fact that that current data protection legislation was fragmented, inconsistent and needed to be fixed. She insisted that the commission’s own legal review provided assurance that the one-stop-shop was legal.Yet, the issue seems more complicated for some member states. It

The Advocate General of the European Court of Justice issued a devastating Opinion on the European Directive that requires European telecommunications providers to store details of all electronic communications for between six months to two years. The case was brought before the Court by EDRi-members Digital Rights Ireland and AKVorrat.at in close cooperation with Austrian EDRi members IfNf and VIBE.The Advocate General’s Opinion states that the Directive “is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union”. In particular, the measure is not necessary and does not “genuinely meet objectives of general interest recognised by the Union. Furthermore, Article 6 of the Directive is in violation of Articles 7 and 52(1) of the Charter.“The failings of the Directive 2006/24/EC have been crystal clear since it was initially proposed by the European Commission. Neither at the time that the proposal was initially made, nor at any time since, has the Commission been able to produce credible evidence that the measure was necessary,” says Joe McNamee, Executive Director of European Digital Rights.Faced with abuses of the data being stored under the Directive – which it detailed in its own evaluation report – the European Commission did nothing.Faced with cases where democratic governments decided against implementing the flawed and unnecessary legislation was not fully implemented, the Commission took legal action against Austria, Greece, Germany, Ireland and Sweden. As

Last month, an international coalition of civil rights organizations and academic experts asked antivirus software vendors how they handled state-sponsored malware. Some of them already responded and the responses are interesting.The letter, drafted by Bits of Freedom and signed by organisations such as EDRi, several EDRi-members and security experts such as Bruce Schneier, was sent to various antivirus companies (see below for a complete list). The coalition writes in the letter that these companies have a vital position in providing security and maintaining the trust of internet users engaging in sensitive activities such as electronic banking. Therefore, they were asked to answer four questions:1) If they have ever detected the use of state sponsored software for the purpose of surveillance;2) If they have ever been approached with a request by a government to not detect such software or, if detected to not notify the user of their software;3) If they have ever granted such request;4) How they would respond to such a request in the future.Up until this moment, only a handful of the vendors have replied ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro. All of the responding companies have confirmed the detection of state sponsored malware, e.g. R2D2 and FinFisher. Furthermore, they claim they have never received a request to not detect malware. And if they were asked by any government to do so in the future, they said they

In a press release published on 15 November 2013, the European Data Protection Supervisor (EDPS), criticised the Commission proposal for a Regulation laying down measures concerning the European single market for electronic communications. The announced goal of this Regulation is to ease the requirements for communications providers, standardize wholesale products, aiming at harmonising the rights of end-users. In general, Hustinx approves the idea to include net neutrality, but points out that the Regulation provides the permission for abuses by the Internet Service Providers (ISPs) who would be legally allowed to manage and monitor the internet traffic of their users. Hustinx stated serious concerns especially with regard to Deep Package Inspections (DPI):”Any monitoring and restriction of the internet activity of users should be done solely to achieve a targeted, specific and legitimate aim. The large-scale monitoring and restriction of users’ internet communications in this proposal is contrary to European legislation as well as the EU Charter of Fundamental Rights. Such interference with the right to personal data protection, confidentiality of communication and privacy will do little to restore consumer confidence in the electronic communication market in Europe.”The current proposal would offer broad interpretations for the service providers to control the online activities of their customers by monitoring their data flows ranging from visits of websites to the receiving of e-mails and would even legitimate the slowing down of bit rates or the restriction of

The Russian security authorities are taking new measures to expand their surveillance of the Internet by requiring ISPs to store all traffic temporarily and make it available to the Federal Security Service (FSB).According to an article published by newspaper Kommersant, Vympelkom, the owner of the mobile network Beeline, made a complaint to the Ministry of Communications about the new decree made public on the 21 October 2013, developed by the Ministry together with the FSB, which will require ISPs to monitor all Internet traffic, including IP addresses, telephone numbers, and usernames.The decree, which is to come into force in July 2014, also requires that ISPs store the traffic for 12 hours after collection and grant the security services exclusive access to the data. Vympelkom argues that the decree infringes several articles of the Russian Constitution, including the rights to privacy and due process.Julius Tai, Managing partner of law firm Bartolius, believes that the order is violating not only the Constitution but also the Criminal Code, the Criminal Procedure Code and the Law on the protection of personal data. “The existing legal and technical possibilities of access to personal data of Internet users and law enforcement agencies are enough. The unlimited expansion of these opportunities will lead to a violation of the rights of ordinary citizens …” said Mr. TaiFSB is already monitoring the Internet through SORM, the System for Operative Investigative Activities, which

AGCOM, Italy’s independent Electronic Communications Authority, is on the verge of undertaking the power of ordering the removal of any online content that it deems to be in violation of the copyright law, without the need of the parliament or court approval.Despite strong criticism from NGOs, ISPs, other companies or legal practitioners, the authority’ new Draft Regulation on Copyright Protection on Electronic Communication Networks allows it to black out foreign sites and take down Italian ones alleged to have infringed the copyright law, within 48 hours, without any court decision.The legislation is to be passed definitively in November 2013 after a decision from the European Union. AGCOM’s bill will give the authority the power to order Internet access providers to disclose private information about subscribers and give them to the right holders. Any website “inciting, aiding and abetting” copyright infringement, even indirectly” will permit its complete seizure.An alliance of organizations including the consumer groups, lawyers, and business have initiated a campaign to oppose the measures introduced by the bill which risk to turn ISPs into online censors, are totally inefficient and may lead to over-blocking and abuse.The alliance has also sent an open letter to Laura Boldrini, the president of the lower house of the Italian Parliament urging the assembly to take the matter into its own hands and suspend the draft regulation.On 1 October 2013, EDRi member Article 19 issued a detailed

The European Parliament’s Civil Liberties Committee held a crucial vote on the future of privacy and data protection in Europe.We applaud Parliamentarians for supporting – and even improving – several important and valuable elements of the original Commission proposal. We are particularly happy that the Committee chose to overturn the Commission’s proposal to allow Member States the scope to exempt themselves from the rules on profiling.Nonetheless, we are shocked and disappointed that Parliamentarians voted to introduce massive loopholes that undermine the whole proposal.“If allowed to stand, this vote would launch an ‘open season’ for online companies to quietly collect our data, create profiles and sell our personalities to the highest bidder” said Joe McNamee, Executive Director of European Digital Rights. “This is all the more disappointing because it undermines and negates much of the good work that has been done,” he added.Despite almost daily stories of data being lost, mislaid, breached and trafficked to and by foreign governments, our elected representatives adopted a text saying that corporate tracking and profiling of individuals should not be understood as significantly affecting our rights and our freedoms.The Committee extended the range of circumstances in which companies can process an individual’s data without their consent – and made the rules far less easy to understand.These huge loopholes are all the more disappointing when we consider that MEPs agreed to support several positive measures elsewhere in the text.

On Monday 21 October, the European Parliament’s Committee on Civil Liberties will decide on the future of privacy and data protection in Europe. The recent revelations surrounding government surveillance involving some of the Internet’s biggest companies have highlighted the urgency of an update of Europe’s privacy rules.The Regulation will have a major impact on the digital environment for citizens, businesses and public bodies. “The choice is between clear, harmonised, predictable and enforceable rules that will benefit European citizens and businesses or unclear, unpredictable rules that will benefit nobody except data monopolies and lawyers,” said Joe McNamee, EDRi’s Executive Director.Civil society groups are concerned that any weakening of the European data protection rules and principles will undermine the rights and freedoms of European citizens. The past months have shown how important it is to limit the collection of data to the minimum necessary, to ensure privacy by design and to safeguard the right of individuals to delete their data from online services. The European Parliament now has the responsibility to ensure that Europe gets strong data protection rules for a competitive and harmonised market.The Regulation will only be as strong as its weakest link, so it is critical that no loopholes are created that would undermine our democratic rights. Joint press release by: Access Raegan MacDonald +32 486 301 096 raegan@accessnow.org Alternative Informatics Association – Turkey Özgür Uckan + 90 1 216 418 0

On 2 October 2013, EDRi signed a joint letter together with other civil society groups and organisations (CCIA, EDIMa, EuroISPA, EEA and EMOTA) asking the competent EU institutions to act on the amendments to the draft Regulations on Market Surveillance and Product Safety that could have far-reaching consequences affecting online commerce and Internet intermediaries freedom.The letter asks not to extend the scope of the Regulation to cover intellectual property, as that would undermine legal certainty and put an excessive burden on businesses, particularly SMEs.Also, the text points to a number of amendments that would undermine the principle of technology neutrality and would specifically burden e-commerce by singling out ‘online’ trade and seeking to impose far-reaching and inappropriate obligations on intermediaries, by asking them obligations of general monitoring. This would be contradictory to the current European legislation, the Charter of Human Rights and recent SABAM rulings from the European Court of Justice. Source: EDRI-gram “Joint letter on Market Surveillance and Product Safety Regulation” Number 11.19, October 2013