You are hereFeed aggregator / Categories / Privacy


Volkswagen Claims Ownership of an Entire Group of Insects

EFF News - 5 hours 26 min ago

Using word searches to find infringement is a bad way to go about things. It is likely why Volkswagen filed three takedown requests for art of beetles. Not Beetles with four wheels and headlights. Beetles with six legs and hard, shiny carapaces. For the record, Volkswagen holds no rights to literal bugs.

Peggy Muddles is a scientist and an artist who marries her two lives by making science-themed art. Among her many digital prints are a number of works featuring beetles—the type of insect. And, well, Volkswagen was not having any of that.

Muddles sells some of her prints through the website RedBubble. On December 1, 2017, she received a takedown notice for her rove beetle art from Volkswagen. Now, the rove beetle is a common insect found throughout Europe. A Volkswagen Beetle is a car.

Volkswagen, it turns out, does not own beetles the insect, the largest group of animals on this planet. Nor does it own rove beetles, the largest group of beetles alive. And it does not own the depiction of the species Paederus fuscipes, the species Muddles depicted in her art.

In response, Muddles did the right thing: she consulted a lawyer, crafted a counter-notice explaining that her bug was not the same as a car named for a bug, and sent it to RedBubble and Volkswagen. “After VW’s option to pursue expired, I repeatedly attempted to contact RedBubble to have my listing reinstated, but received only automated replies indicating that my email had been received,” Muddles told EFF. “After about two months, I chalked it up to a simple error and re-uploaded the design.”

Oh, if only that were the end of it. Mistakes made, corrected, and everyone moves on having learned something. However, months later, in mid-2018, Muddles received two more takedowns for drawings of beetles from Volkswagen. Once again, the art was of insects and not cars.

Faced with the takedown of prints titled “Buprestic rufipes - red-legged Buprestis beetle” and “Rhipicera femoralis - feather horned beetle” (you can see how Volkswagen got confused and thought these were prints of cars), Muddles once again went to her lawyer.

This time, the lawyer sent a letter saying “the beetles that are the subject matter of our client’s works of art evolved over 300 million years ago, pre-dating the fine motor vehicles manufactured by your company by approximately 300 million years.”

“The next morning we had an apology and my listings were reinstated,” said Muddles in an email to EFF. “While my illustrations on RedBubble do not net me a huge amount of money, my sales there do contribute to my financial stability, and so I was immensely frustrated.”

Muddles is lucky. She knew the law and had access to a lawyer. Not everyone is in her position. Deciding to file a counter-notice can be a very fraught thing, even if you know you’re in the right.

This is why it’s important that actual human eyes, backed by actual human judgment, look at things before takedown notices are sent. Simple logic says that a sweep for the word “beetle” is going to turn up a lot of false positives for Volkswagen. And not every artist is going to be as knowledgeable as Muddles.

It’s also concerning that RedBubble didn’t get back to Muddles after the December incident. It should not take a sternly-worded letter from a lawyer after the third ridiculous takedown notice to get a response. After Muddles explained it and, again, human eyes confirmed that there was no infringement going on, her art should have been restored to the site.

At the very least, she shouldn’t have had to guess whether or not she was in the clear. Especially since receiving repeated, unresolved takedown notices can result in someone losing their account on a site. She should have known if she had a strike against her or not.

This kind of story really bugs. And, in case Volkswagen is reading, that’s in the colloquial sense, not the car.

Categories: Privacy

EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database

EPIC - 7 hours 51 sec ago

EPIC has submitted an urgent Freedom of Information Act request to the Department of Homeland Security seeking the Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed system that will integrate biometric identifiers across the federal government. HART would replace IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.

Categories: Privacy

EPIC Urges Senate Judiciary to Examine FBI Response to Russian Cyber Attacks

EPIC - Fri, 2018-06-15 17:23

EPIC has sent a statement to the Senate Judiciary Committee ahead of Monday's hearing "Examining the Inspector General’s First Report on Justice Department and FBI Actions in Advance of the 2016 Presidential Election." EPIC urged the Committee to explore the FBI's ability to respond to future cyberattacks. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." But an AP investigation found that the FBI failed to notify hundreds of officials whose email was hacked during the 2016 election. EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI. Last month, a federal court ruled that the agency may withhold records still sought by EPIC but said that lawmakers should pursue threats to democratic institutions described in the EPIC lawsuit.

Categories: Privacy

Mega-Merger: Vertical Integration in a Deregulated Environment

CDT - Fri, 2018-06-15 16:41

It’s been a big week for the future of the internet. Monday marked the end of the FCC’s Open Internet Order (OIO) and its rules protecting net neutrality. Tuesday brought a decision from D.C. District Court Judge Richard Leon to allow telecom giant AT&T to purchase media giant Time Warner. Thursday, Comcast made a bid to buy all of Fox, and AT&T finalized its acquisition of Time Warner. The combination of massive vertical integration and deregulation could set off a tectonic shift in the landscape of the internet.

For years now, internet service providers (ISPs) like AT&T have wanted to get some of the action enjoyed by providers of content and services at the “edge” of their networks. Many of the concerns addressed by net neutrality regulations stem from ISPs’ incentives to extract payment from edge providers. Essentially, ISPs wanted to extract revenue from the popular services (especially video streaming services) that their subscribers access via their networks, thereby monetizing both “sides” of the gateway position they hold. For instance, Comcast deliberately degraded the interconnection points between its network and Netflix to gain leverage in its negotiations with the streaming provider regarding their interconnection arrangements. Other ways ISPs can use their position to cash in on the edge market include practices like paid prioritization and zero-rating.

Deregulation + Integration = Greater Threat to Open Internet

Before Monday, the OIO’s strong net neutrality protections prevented ISPs from engaging in practices that resulted in unreasonable discrimination or disadvantage to edge providers. Now, ISPs need only disclose any such practices to comply with the FCC’s only remaining regulation, the transparency rule. This leaves ISPs essentially unrestricted in their ability to leverage their position between users and edge providers, whether to extract rent from edge providers or to favor their affiliates. This deregulation favors all of the largest ISPs, but especially those who also own significant portions of the content served by edge providers.

Through paid prioritization, ISPs can charge edge providers in exchange for favorable treatment of the network traffic their services generate. The concern here is that well-funded companies will be able to buy better service than their competitors, and that users will turn away from providers with comparatively poorer performance. Edge providers’ ability to buy “fast lanes” for their data traffic makes it harder for smaller companies to compete and increases costs for those who can afford prioritized treatment. In the end, consumers will be stuck with the (double) bill if ISPs can charge for preferential treatment.

In the event of a merger and the absence of a rule against prioritization for commercial benefit, Time Warner’s offerings could potentially benefit from preferential treatment on AT&T’s networks without payment. Even under FTC oversight, any action to address this kind of discriminatory treatment would require not only detection of the problem but also protracted legal proceedings, all of which necessarily occur after the preferential treatment (and possibly the damage to competition among edge providers) takes place. In this way, vertical integration further enhances the advantages of prioritized treatment by producing them at no cost to the affiliated edge providers. It is unclear whether a competing service could even purchase a similar level of preferential treatment or whether paid “fast lanes” would always be second-best to AT&T’s treatment of Time Warner’s data.

For access providers like AT&T, whose subscription plans include data caps, zero-rated offerings can incentivize the use of certain edge services and applications. Depending on the structure of the plan, users might be more inclined to use the apps and services that do not count against their monthly data allowance than ones that do, giving the zero-rated services an advantage, both in terms of usage stats (and the related advertising revenue) and overall user base, as customers move away from non-zero-rated services. (AT&T announced Friday afternoon that it plans to offer its mobile subscribers with unlimited packages free access to television content from the Turner networks.)

Zero-rating in a vertically-integrated context gives both the ISP and its affiliated edge providers similar benefits at no cost. As with preferential treatment of network traffic, no-cost zero-rating further enhances the advantages for the ISP and its affiliates over those of other edge providers that would have to negotiate with the ISP for zero-rated carriage of their network traffic. While ISPs like AT&T may market access packages bundled with zero-rated content as a savings for consumers, it is only a savings from the costs arising from the artificial scarcity created by data caps.

Finally, AT&T’s ability to merge the data it collects about its subscribers and their internet usage with the data collected by each of the outlets under the Time Warner umbrella gives it a few advantages over non-vertically-integrated providers. First, the merger gives AT&T a major boost in terms of the amount and the kinds of data it can use for its own marketing purposes or sell to others. Second, the ability to merge these data sets gives AT&T a greater ability to track individuals (especially AT&T customers) across platforms by comparing user profiles from an affiliate’s web-based content service with AT&T’s own data set. Third, it gives AT&T and its newly acquired affiliates ready markets in which to deploy that data for advertising.

In the wake of Congress’s repeal of the FCC’s broadband privacy rules, there are few bounds on what kinds of data can be collected and how it can be used. Since the FCC’s repeal of its own net neutrality regulations, there is also little at the federal level to stop ISPs from leveraging their positions as access providers to discriminate for or against edge providers. (Net neutrality protections came into effect in Washington State with the repeal of the FCC’s rules.)

As vertical integration merges ISPs with edge providers, these protections are even more important. (In addition to the AT&T acquisition of Time Warner, Comcast is seeking to buy Fox.) Vertically-integrated ISPs will have an even greater incentive to favor their own content and edge providers, and will be better positioned to leverage their control of popular content to effect negotiations with competing services. In a world where a few ISPs control both access and content, protecting the rest of the internet against discriminatory treatment will be crucial to preserve the internet as an open and flat communications network.

The post Mega-Merger: Vertical Integration in a Deregulated Environment appeared first on Center for Democracy & Technology.

Categories: Privacy

EPIC Urges Safety Commission to Regulate Privacy and Security of IoT Device

EPIC - Fri, 2018-06-15 16:33

EPIC submitted comments to the Consumer Product Safety Commission, urging the agency to regulate the privacy and security of Internet of Things devices. EPIC advised the Commission to require IoT manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques (“PETs”). EPIC recently told Congress that “CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream.” EPIC has also called out the CPSC for its reluctance to address the privacy and security challenges of IoT. In the statement to Congress, EPIC described the increasing risks to American consumers.

Categories: Privacy

EPIC to House Committee: The "Digital Advertising Ecosystem" is Not Healthy

EPIC - Thu, 2018-06-14 19:10

EPIC has submitted a statement to the House Energy & Commerce Committee regarding today's hearing on "Understanding the Digital Advertising Ecosystem." EPIC told the Committee "The 'Digital Advertising Ecosystem' today is not healthy. Two companies dominate the market. The privacy of Internet users is under assault. The revenue model that sustained journalism is broken. The ad platforms are manipulated by foreign adversaries. Secrecy and complexity are increasing as accountability is diminished. It would be foolish to imagine that the current model is sustainable." In 2000, EPIC opposed Doubleclick's acquisition of Abacus. In 2007, EPIC told the FTC that Google's proposed acquisition of DoubleClick would lead to consumers being tracked and profiled by advertisers across the web.

Categories: Privacy

Apple Will Bolster Encryption Of Devices, Prevent Apps From Selling Contact Lists

EPIC - Thu, 2018-06-14 18:00

Apple announced two measures to strengthen the privacy and security of its devices: it will close a loophole that allowed law enforcement to access devices and it will prevent apps from secretly selling contact lists. In 2016, Apple refused a demand by the FBI to build backdoor access to iPhones to allow the FBI to unlock the phone of a criminal suspect. The FBI sued Apple, and EPIC filed an amicus brief in support of Apple, arguing that the FBI's demand "places at risk millions of cell phone users across the United States." The FBI eventually dropped the case. In a privacy complaint to the FTC, EPIC also opposed Google's plan to launch "Buzz," a social networking service, with private address book information. Google later backed off the plan and shuttered Buzz. In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.

Categories: Privacy

EPIC Advises FCC on Robocalls Regulation

EPIC - Wed, 2018-06-13 17:25

EPIC advised the FCC on how to interpret the Telephone Communications Protection Act to best protect consumers in light of a recent decision in ACA Int'l v. FCC. EPIC filed a friend of the court brief in that case arguing that consumers could revoke consent by any "reasonable means." The court agreed but vacated other aspects of the rule. EPIC's comments argue that the FCC should require callers to meet three conditions to simplify the revocation of consent: (1) inform consumers of their right to revoke, (2) provide a simple means of revocation, and (3) comply in a timely manner. EPIC contributed to the development of the Telephone Communications Protection Act and regularly submits comments to the FCC.

Categories: Privacy

Tech Talk: Habeas Data and the Future of Work

CDT - Wed, 2018-06-13 14:31

CDT’s Tech Talk is a podcast where we dish on tech and Internet policy, while also explaining what these policies mean to our daily lives. You can find Tech Talk on SoundCloud iTunes, and Google Play.

In this episode of Tech Talk, we talking to the very engaging Cyrus Farivar about his new book Habeas Data. Cyrus, a Senior Editor at Ars Technica, takes a close look at the legal cases and policies that are shaping American surveillance practices, and shows how, not surprisingly, they have not kept up with new technologies.

After that, we welcome Aaron Pinto, a Canadian delegate to the G7 youth summit or Y7 who shared his insights on the future of work, highlighting how young leaders from the G7 countries see technology impacting their future. 


The post Tech Talk: Habeas Data and the Future of Work appeared first on Center for Democracy & Technology.

Categories: Privacy

EPIC to Senate Committee: Suspend Action on Drone Bill Until Agency Reports Complete

EPIC - Wed, 2018-06-13 11:25

As the Senate Commitee on Homeland Security and Government Affairs considers S. 2836, the Preventing Emerging Threats Act of 2018: Countering Malicious Drones, EPIC has sent a statement to the Committee urging that action on the bill be suspended until DHS and other federal agencies establish and publish drone privacy procedures as required by a 2015 Presidential Memorandum. EPIC has brought a series of open government cases against the DHS and the Department of Defense to determine the use of drones by the federal government in the United States. EPIC's cases have determined that drones operated by the DHS intercept private communications, conduct human identification at a distance, and may include military payloads.

Categories: Privacy

EPIC to Senate Commerce: Work with NTIA to Update U.S. Privacy Laws

EPIC - Tue, 2018-06-12 17:30

EPIC sent a statement to the Senate Commerce Committee in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing both data breaches and "always on" devices that record users' private conversations. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC urged Congress and the NTIA to work together to update U.S. privacy laws and establish a data protection agency. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices.

Categories: Privacy

California’s Net Neutrality Bill Has Strong Zero Rating Protections for Low-Income Internet Users, Yet Sacramento May Ditch Them to Appease AT&T

EFF News - Tue, 2018-06-12 17:20

California’s net neutrality bill, S.B. 822, is often referred to as the “gold standard” of state-based net neutrality laws. The bill tackles the full array of issues the FCC had addressed right up until the end of 2016 before it began repealing net neutrality. One such issue is the discriminatory use of zero rating, where ISPs could choose to give users access to certain content for “free”—that is, without digging into their data plans. ISPs can use zero rating to drive users to their own content and services to the detriment of competitors.

The FCC found that both AT&T’s and Verizon’s use of zero rating appeared to be in violation of the 2015 Open Internet Order, only to have those findings and investigations terminated as one of the first acts of President Trump’s FCC Chairman Ajit Pai. The core issue is the fact that companies like AT&T were simply exempting their own affiliated services from their datacaps in a blatant effort to drive wireless Internet users to their preferred products. Undoubtedly, AT&T’s recent victory over the Department of Justice’s antitrust lawsuit that sought to prevent the giant telecom company from becoming even bigger with Time-Warner content will result in even greater levels of self-dealing through discriminatory zero rating policies.

California’s legislature has so far opted to ban discriminatory users of zero rating and prevent the major wireless players from picking winners and losers online. But new and increased resistance by the ISP lobby (led by AT&T and their representative organization CALinnovates) unfortunately has legislators contemplating whether discriminatory zero rating practices should remain lawful despite their harms for low-income Internet users. In fact, AT&T and their representatives are even going so far as to argue that their discriminatory self-dealing practices that violate net neutrality are actually good for low income Internet users.

S.B. 822’s Zero Rating Provisions Ensure Low-Income Internet Users Get the Same Internet as All Other Internet Users

Studies by the Pew Research Center show that when an Internet user has limited income to purchase Internet access, they opt to get their entire Internet usage from a wireless device. As a result, the zero rating policies of wireless ISPs have a profound impact on shaping users’ Internet experience. Users who depend on their wireless device for Internet access are highly likely to pay overage fees when they try to take advantage of the full, open web. These overage fees are part of a scheme to force wireless Internet users to only use products and services that the wireless ISP has exempted from their own arbitrary data caps—and to punish users when they stray from those products and services. The CTIA’s own study confirms that if they can drive Internet users to their chosen zero rated products to the detriment of potentially superior services.

This is why California organizations that promote the digital civil rights of communities of color—such as the Center for Media Justice and Color of Change as well as experts who represent low income Californians such as the Western Center on Law and Poverty—have all come out in strong support for S.B. 822’s zero rating provisions.

S.B. 822 bans the practice of self-dealing and discriminatory gatekeeping by ISPs outright, which is why those same ISPs will fight to take it out of the legislation before it becomes law. It is why they are actively attempting to mislead legislators in Sacramento with bogus superficial studies from groups that represent ISP interests like CALinnovates that ignore the fact that the data cap is an artificial construct that is designed to raise rates on wireless users and zero rating is how they exploit that structure. There is no benefit to Internet users by simply saying the ISP’s selected services do not have additional fees associated with them and nothing about the current structure is “free” because we have all compensated companies like AT&T and Verizon to the tune of $26 billion in profits in just 2016 alone.

Without the ability to profit from discriminatory conduct, the wireless carriers will lose the financial incentive to use zero rating to create an inferior wireless Internet for those with limited income and will no longer be able to exploit their gatekeeper power.

Do Not Forget That the FCC Found That AT&T’s Zero Rating Practices Violated Net Neutrality Right Up Until It Began Repealing Net Neutrality

The FCC’s core issue with AT&T’s zero rating practices was that AT&T explicitly exempted its own products, such as DirecTV, while capping products that would compete with DirecTV. In effect, using something that was not owned by AT&T was more expensive for their wireless users forcing users with limited income to only use what AT&T had blessed. Even the Trump Administration’s Department of Justice, in its antitrust lawsuit against AT&T, cited concerns with the company weaponizing its ownership of content (in this instance HBO) against online video competitors. The only federal entity that did not seem concerned with AT&T’s discriminatory practices was the current FCC, which intentionally abandoned oversight over the industry and is even contemplating a new proposal by AT&T to impair private competition to the incumbents today.

Upholding S.B. 822 means upholding a free, open Internet for all Californians. Without it, ISPs may have free rein to create two Internets that will be premised on how much income you have to the benefit of their own services and partners. With AT&T's recent victory in the courts over the Department of Justice and the expiration of federal net neutrality rules, S.B. 822's net neutrality protections have become more important than ever. 

Take Action

Defend net neutrality in California


Categories: Privacy

European Civil Liberties Committee: 'Privacy Shield' Should Be Suspended

EPIC - Tue, 2018-06-12 14:40

Members of European Parliament are calling for the suspension of the EU-U.S. Privacy Shield if the U.S. does not comply in full by September 1, 2018. The Civil Liberties Committee ("LIBE") passed a resolution stating that the pact, which permits the flow of European consumers' personal data to the U.S, does not adequately protect privacy. LIBE urged US authorities to respond without delay to the Cambridge Analytica breach of 87 million Facebook users. The groups also expressed "strong concerns" about the CLOUD Act which permits US law enforcement to unilaterally access personal data stored in Europe. EPIC recently told the FTC that the Cambridge Analytica breach could have been avoided had the agency enforced a 2011 Consent Order that EPIC and a coalition of consumer privacy groups obtained.

Categories: Privacy

70+ Internet Luminaries Ring the Alarm on EU Copyright Filtering Proposal

EFF News - Tue, 2018-06-12 09:58

Vint Cerf, Tim Berners-Lee, and Dozens of Other Computing Experts Oppose Article 13

As Europe's latest copyright proposal heads to a critical vote on June 20-21, more than 70 Internet and computing luminaries have spoken out against a dangerous provision, Article 13, that would require Internet platforms to automatically filter uploaded content. The group, which includes Internet pioneer Vint Cerf, the inventor of the World Wide Web Tim Berners-Lee, Wikipedia co-founder Jimmy Wales, co-founder of the Mozilla Project Mitchell Baker, Internet Archive founder Brewster Kahle, cryptography expert Bruce Schneier, and net neutrality expert Tim Wu, wrote in a joint letter that was released today:

By requiring Internet platforms to perform automatic filtering all of the content that their users upload, Article 13 takes an unprecedented step towards the transformation of the Internet, from an open platform for sharing and innovation, into a tool for the automated surveillance and control of its users.

The prospects for the elimination of Article 13 have continued to worsen. Until late last month, there was the hope that that Member States (represented by the Council of the European Union) would find a compromise.  Instead, their final negotiating mandate doubled down on it.

The last hope for defeating the proposal now lies with the European Parliament. On June 20-21 the Legal Affairs (JURI) Committee will vote on the proposal. If it votes against upload filtering, the fight can continue in the Parliament's subsequent negotiations with the Council and the European Commission. If not, then automatic filtering of all uploaded content may become a mandatory requirement for all user content platforms that serve European users. Although this will pose little impediment to the largest platforms such as YouTube, which already uses its Content ID system to filter content, the law will create an expensive barrier to entry for smaller platforms and startups, which may choose to establish or move their operations overseas in order to avoid the European law.

For those platforms that do establish upload filtering, users will find that their contributions—including video, audio, text, and even source code—will be monitored and potentially blocked if the automated system detects what it believes to be a copyright infringement. Inevitably, mistakes will happen. There is no way for an automated system to reliably determine when the use of a copyright work falls within a copyright limitation or exception under European law, such as quotation or parody.

Moreover, because these exceptions are not consistent across Europe, and because there is no broad fair use right as in the United States, many harmless uses of copyright works in memes, mashups, and remixes probably are technically infringing even if no reasonable copyright owner would object. If an automated system monitors and filters out these technical infringements, then the permissible scope of freedom of expression in Europe will be radically curtailed, even without the need for any substantive changes in copyright law.

The upload filtering proposal stems from a misunderstanding about the purpose of copyright. Copyright isn't designed to compensate creators for each and every use of their works. It is meant to incentivize creators as part of an effort to promote the public interest in innovation and expression. But that public interest isn't served unless there are limitations on copyright that allow new generations to build and comment on the previous contributions. Those limitations are both legal, like fair dealing, and practical, like the zone of tolerance for harmless uses. Automated upload filtering will undermine both.

The authors of today's letter write:

We support the consideration of measures that would improve the ability for creators to receive fair remuneration for the use of their works online. But we cannot support Article 13, which would mandate Internet platforms to embed an automated infrastructure for monitoring and censorship deep into their networks. For the sake of the Internet’s future, we urge you to vote for the deletion of this proposal.

What began as a bad idea offered up to copyright lobbyists as a solution to an imaginary "value gap" has now become an outright crisis for future of the Internet as we know it. Indeed, if those who created and sustain the operation of the Internet recognize the scale of this threat, we should all be sitting up and taking notice.

If you live in Europe or have European friends or family, now could be your last opportunity to avert the upload filter. Please take action by clicking the button below, which will take you to a campaign website where you can phone, email, or Tweet at your representatives, urging them to stop this threat to the global Internet before it's too late. 


Categories: Privacy

EPIC FOIA: EPIC Obtains Documents About Decision to Add Census Citizenship Question

EPIC - Mon, 2018-06-11 19:00

Through a Freedom of Information Act request, EPIC has obtained documents (part 1, part 2, part 3, part 4) considered by Commerce Secretary Wilbur Ross to add a citizenship question to the 2020 Census. Following a request from the Department of Justice, the Census Bureau announced that it would ask about citizenship status for the first time in over 50 years. The documents obtained by EPIC, and others who made similar requests, reflect the varying opinions from lawmakers, scientists, and immigration groups about the proposal. The documents also reveal that Kris Kobach, former Vice Chair of the now-defunct Presidential Advisory Commission on Election Integrity, urged Secretary Ross "on the direction of Steve Bannon" to add the citizenship question. According to an analysis conducted by the Census Bureau, the impact of asking about citizenship would be "very costly, harms the quality of the census count, and would use substantially less accurate citizenship data than are available" from other government resources. In a FOIA case against DHS, EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to the Department of Homeland Security after 9-11. As a consequence, the Census Bureau revised its policy on sharing statistical information about "sensitive populations" with law enforcement or intelligence agencies.

Categories: Privacy

EU Tech Policy Brief: May 2018 Recap

CDT - Mon, 2018-06-11 15:59

This is the May recap issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.

Member States Move to Introduce Pervasive Upload Filtering – Can Parliament Do Better?  

On 25 May 2018, the Council’s permanent representatives committee (Coreper) agreed on a common position on the European Commission’s draft Directive on Copyright in the Digital Single Market. Unfortunately, Member State governments did not deviate substantially from the Commission’s position: upload filters (Article 13), a press publishers’ right, and a limited Text and Data Mining exception were agreed upon. The Council missed the opportunity to propose a forward-looking innovative and harmonised copyright framework. It is now up to the European Parliament to step up and fix this mess ahead of the JURI vote on 20/21 June. We encourage people to use Mozilla’s ChangeCopyright tool to contact parliamentarians. Other platforms include Vox Scientia, which brings together the knowledge community and allows awareness-raising via its “Call to Action” page.

GDPR Has Arrived: What CDT Would Like to See Next

With the General Data Protection Regulation (GDPR) being adopted on 25 May 2018, its true impact on society and businesses is yet to be seen. Will it introduce a new era of individual empowerment or raise new barriers to innovation in technology? CDT’s President and CEO Nuala O’Connor acknowledges that ‘while the GDPR is not perfect, the values it advances are the right ones: individual autonomy and dignity’. The key will be proper and targeted enforcement, but it is already clear that it sets new standards that many companies will seek to apply globally. The United States Congress should move ahead with long-overdue federal privacy legislation that mirrors international standards. This would move us towards creating a global framework on privacy that provides transparency, control, and autonomy to individuals online.

EC Public Consultation on Tackling Illegal Content Online Requires a Human Rights Approach

When we submitted our views on the European Commission’s Inception Impact Assessment, we called on the Commission to conduct and publish a comprehensive collection of data about the nature and volume of content it targets. Without such analysis, we deem it premature to propose any legislative option. Now the Commission is collecting responses to a public consultation on ‘measures to further improve the effectiveness of the fight against illegal content online’, deadline 25 June 2018. We continue to warn that ‘progress’ in tackling various types of content should not only be measured in terms of faster takedown of more content. Also, the Commission has to avoid extending its policy results in de facto censorship of legal political speech. In this respect, we highly recommend that the States and companies abide by the latest report of the UN Special Rapporteur on free expression and regulation of user-generated content online. David Kaye, amongst other recommendations, urges States to reconsider speech-based restrictions.

E-Evidence: European Parliament Appoints Rapporteur

On 17 April, the European Commission (EC) published its draft legislation on E-Evidence to facilitate cross-border law enforcement demands for internet users’ communications content and metadata. The proposed Regulation and Directive set out a great risk to privacy worldwide, given that the proposals would give each EU Member State access for law enforcement purposes to the data of internet users worldwide: each provider in the scope of the Regulation can be compelled to disclose its users’ data no matter where the user is located and no matter the country of citizenship of the user. Discussions in the European Parliament will begin soon, with MEP Birgit Sippel (German/S&D) as rapporteur in the Civil Liberties (LIBE) committee. Going forward in this debate, our main line of advocacy will be that enhanced access to electronic data by law enforcement authorities cannot come at the expense of fundamental privacy and procedural rights protections. We previously set out ten human rights standards to measure the proposal against. As it currently stands, the legislation needs to incorporate additional safeguards and remedies in order to meet those standards.

E-Privacy: Member States Continue to Struggle to Reach Compromise

Ahead of the Council meeting scheduled on 8 June, the Bulgarian Presidency issued its latest progress report on ePrivacy. The report highlights “considerable progress” but at the same time asks for political guidance on several questions. The latest text seems to exclude some machine-to-machine communications and add exceptions to enable efficient security and antivirus services, something we have advocated for. Whether Member States will be able to agree on a text remains unclear. Meanwhile, the newly established European Data Protection Board (EDPB) published a statement on the draft ePrivacy Regulation. The EDPB among other things supports the notion of explicitly banning ‘cookie walls’ or tracking walls. The EDPB argues that use of and access to a communications service cannot require the user to consent to tracking or monitoring with the use of cookies or any other technology. The European Parliament made a similar proposal. This will be one of many controversial issues to be negotiated between Parliament and Council at a later stage. 

The post EU Tech Policy Brief: May 2018 Recap appeared first on Center for Democracy & Technology.

Categories: Privacy

Wed, 1969-12-31 20:00

Categories: , Privacy