Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

Mass surveillance regimes in the UK, Belgium and France which require bulk collection of digital data for a national security purpose may be at least partially in breach of fundamental privacy rights of European Union citizens, per the opinion of an influential advisor to Europe’s top court issued today.

Advocate general Campos Sánchez-Bordona’s (non-legally binding) opinion, which pertains to four references to the Court of Justice of the European Union (CJEU), takes the view that EU law covering the privacy of electronic communications applies in principle when providers of digital services are required by national laws to retain subscriber data for national security purposes.

A number of cases related to EU states’ surveillance powers and citizens’ privacy rights are dealt with in the opinion, including legal challenges brought by rights advocacy group Privacy International to bulk collection powers enshrined in the UK’s Investigatory Powers Act; and a La Quadrature du Net (and others’) challenge to a 2015 French decree related to specialized intelligence services.

At stake is a now familiar argument: Privacy groups contend that states’ bulk data collection and retention regimes have overreached the law, becoming so indiscriminately intrusive as to breach fundamental EU privacy rights — while states counter-claim they must collect and retain citizens’ data in bulk in order to fight national security threats such as terrorism.

Hence, in recent years, we’ve seen attempts by certain EU Member States to create national frameworks which effectively rubberstamp swingeing surveillance powers — that then, in turn, invite legal challenge under EU law.

The AG opinion holds with previous case law from the CJEU — specifically the Tele2 Sverige and Watson judgments — that “general and indiscriminate retention of all traffic and location data of all subscribers and registered users is disproportionate”, as the press release puts it.

Instead the recommendation is for “limited and discriminate retention” — with also “limited access to that data”.

“The Advocate General maintains that the fight against terrorism must not be considered solely in terms of practical effectiveness, but in terms of legal effectiveness, so that its means and methods should be compatible with the requirements of the rule of law, under which power and strength are subject to the limits of the law and, in particular, to a legal order that finds in the defence of fundamental rights the reason and purpose of its existence,” runs the PR in a particularly elegant passage summarizing the opinion.

The French legislation is deemed to fail on a number of fronts, including for imposing “general and indiscriminate” data retention obligations, and for failing to include provisions to notify data subjects that their information is being processed by a state authority where such notifications are possible without jeopardizing its action.

Belgian legislation also falls foul of EU law, per the opinion, for imposing a “general and indiscriminate” obligation on digital service providers to retain data — with the AG also flagging that its objectives are problematically broad (“not only the fight against terrorism and serious crime, but also defence of the territory, public security, the investigation, detection and prosecution of less serious offences”).

The UK’s bulk surveillance regime is similarly seen by the AG to fail the core “general and indiscriminate collection” test.

There’s a slight carve out for national legislation that’s incompatible with EU law being, in Sánchez-Bordona’s view, permitted to maintain its effects “on an exceptional and temporary basis”. But only if such a situation is justified by what is described as “overriding considerations relating to threats to public security or national security that cannot be addressed by other means or other alternatives, but only for as long as is strictly necessary to correct the incompatibility with EU law”.

If the court follows the opinion it’s possible states might seek to interpret such an exceptional provision as a degree of wiggle room to keep unlawful regimes running further past their legal sell-by-date.

Similarly, there could be questions over what exactly constitutes “limited” and “discriminate” data collection and retention — which could encourage states to push a ‘maximal’ interpretation of where the legal line lies.

Nonetheless, privacy advocates are viewing the opinion as a positive sign for the defence of fundamental rights.

In a statement welcoming the opinion, Privacy International dubbed it “a win for privacy”. “We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed,” said legal director, Caroline Wilson Palow. “If the Court agrees with the AG’s opinion, then unlawful bulk surveillance schemes, including one operated by the UK, will be reined in.”

The CJEU will issue its ruling at a later date — typically between three to six months after an AG opinion.

The opinion comes at a key time given European Commission lawmakers are set to rethink a plan to update the ePrivacy Directive, which deals with the privacy of electronic communications, after Member States failed to reach agreement last year over an earlier proposal for an ePrivacy Regulation — so the AG’s view will likely feed into that process.

The opinion may also have an impact on other legislative processes — such as the talks on the EU e-evidence package and negotiations on various international agreements on cross-border access to e-evidence — according to Luca Tosoni, a research fellow at the Norwegian Research Center for Computers and Law at the University of Oslo.

“It is worth noting that, under Article 4(2) of the Treaty on the European Union, “national security remains the sole responsibility of each Member State”. Yet, the advocate general’s opinion suggests that this provision does not exclude that EU data protection rules may have direct implications for national security,” Tosoni also pointed out. 

“Should the Court decide to follow the opinion… ‘metadata’ such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for national security purposes.  This would require several Member States — including Belgium, France, the UK and others — to amend their domestic legislation.”


TechCrunch

Over 30 civil rights organizations have penned an open letter that calls on government officials to investigate Amazon Ring’s business practices and end the company’s numerous police partnerships. The letter follows a report by The Washington Post in August that detailed how over 400 police forces across the U.S. have partnered with Ring to gain access to homeowners’ camera footage.

These partnerships have already raised concerns with privacy advocates and civil liberties organizations, who claim the agreements turn neighbors into informants and subject innocent people to greater risk and surveillance.

Had the government itself installed a video network of this size and scope, it would have drawn greater scrutiny. But by quietly working with Ring behind the scenes, law enforcement gets to tap into a massive surveillance network without being directly involved in its creation.

The new letter from the civil rights groups demand that government officials put an end to these behind-the-scenes deals between Amazon and the police.

“With no oversight and accountability, Amazon’s technology creates a seamless and easily automated experience for police to request and access footage without a warrant, and then store it indefinitely,” the letter reads. “In the absence of clear civil liberties and rights-protective policies to govern the technologies and the use of their data, once collected, stored footage can be used by law enforcement to conduct facial recognition searches, target protesters exercising their First Amendment rights, teenagers for minor drug possession, or shared with other agencies like ICE or the FBI,” it says.

Additionally, the letter points out these police deals involve Amazon coaching cops on how to obtain surveillance footage without a warrant. It also notes that Ring allowed employees to share unencrypted customer videos with each other, including in offices based in Ukraine. And it raises concerns about Amazon’s potential plans to integrate facial recognition features into Ring cameras, based on patents it filed.

The groups also point to the map released by Amazon Ring, which now shows over 500 cities with Amazon-police partnerships across the U.S.

The groups’ letter is not the first to demand action.

Senator Edward J. Markey (D-Mass.) also last month wrote to Amazon to get more information about Ring and its relationships with law enforcement agencies.

But unlike Sen. Markey’s investigative letter to Amazon’s Ring, today’s letter has specific demands for action. The groups are asking mayors and city council members to require their local police departments to cancel their Ring partnerships. The groups also want local government officials to pass new surveillance oversight ordinances that will ensure police departments can’t enter into any such partnerships in the future.

And they want Congress to investigate Ring’s dealings with police more closely.

The letter itself was published online and signed by the following organizations:

Fight for the Future, Media Justice, Color of Change, Secure Justice, Demand Progress, Defending Rights & Dissent, Muslim Justice League, X-Lab, Media Mobilizing Project, Restore The Fourth, Inc., Media Alliance, Youth Art & Self Empowerment Project, Center for Human Rights and Privacy, Oakland Privacy, Justice For Muslims Collective, The Black Alliance for Just Immigration (BAJI), Nation Digital Inclusion Alliance, Project On Government Oversight, OpenMedia, Council on American-Islamic Relations-SFBA, Million Hoodies Movement for Justice, Wellstone Democratic Renewal Club, MPower Change, Mijente, Access Humboldt, RAICES, National Immigration Law Center, The Tor Project, United Church of Christ, Office of Communication Inc., the Constitutional Alliance, RootsAction.org, CREDO Action, Presente.org, American-Arab Anti-Discrimination Committee, and United We Dream.

According to Evan Greer, Deputy Director at Fight for the Future, the letter has not yet been mailed. But the plan, going forward, is to use it in local organizing when groups on the ground make deliveries to local officials in cities where the partnerships are live.

“Amazon has created the perfect end-run around our democratic process by entering into for-profit surveillance partnerships with local police departments. Police departments have easy access to surveillance networks without oversight or accountability,” said Greer. “Amazon Ring’s customers provide the company with the footage needed to build their privately owned, nationwide surveillance dragnet. We’re the ones who pay the cost – as they violate our privacy rights and civil liberties. Our elected officials are supposed to protect us, both from abusive policing practices and corporate overreach. These partnerships are a clear case of both,” Greer added.


TechCrunch

A Federal judge appointed by President George W. Bush has ruled that the “terrorist watchlist” database compiled by Federal agencies and used by the Federal Bureau of Investigation and the Department of Homeland Security violates the rights of American citizens who are on it.

The ruling, first reported by The New York Times, raises questions about the constitutionality of the practice, which was initiated in the wake of the September 11 terrorist attacks.

The Terrorist Screening Database is used both domestically and internationally by law enforcement and other federal agencies and inclusion on the database can have negative consequences — including limiting the ability of citizens whose names are on the list to travel.

The U.S. government has identified more than 1 million people as “known or suspected terrorists” and included them on the watchlist, according to reporting from the Associated Press.

The ruling from U.S. District Judge Anthony Trenga is the culmination of several years of hearings on the complaint, brought to court by roughly two dozen Muslim U.S. citizens with the support of Muslim civil-rights group, the Council on American Islamic Relations.

The methodology the government used to add names to the watch list was shrouded in secrecy and citizens placed on the list often had no way of knowing how or why they were on it. Indeed, much of the plaintiffs lawsuit hinged on the over-broad and error-prone ways in which the list was updated and maintained.

“The vagueness of the standard for inclusion in the TSDB, coupled with the lack of any meaningful restraint on what constitutes grounds for placement on the Watchlist, constitutes, in essence, the absence of any ascertainable standard for inclusion and exclusion, which is precisely what offends the Due Process Clause,” wrote Judge Trenga.

In court, lawyers for the FBI contended that any difficulties the 21 Muslim plaintiffs suffered were outweighed by the government’s need to combat terrorist threats.

Judge Trenga disagreed. Especially concerning for the judge were the potential risks to an individual’s reputation as a result of their inclusion on the watchlist. That’s because the list isn’t just distributed to federal law enforcement agencies, but also finds its way into the hands of over 18,000 state, local,  county, city,  university and college, and tribal and federal law enforcement agencies and another 533 private entities. The judge was concerned that mistaken inclusion on the watchlist could have negative implications in interactions with local law enforcement and potential employers or local government services.

“Every step of this case revealed new layers of government secrets, including that the government shares the watchlist with private companies and more than sixty foreign countries,” said CAIR Senior Litigation Attorney Gadeir Abbas. “CAIR will continue its fight until the full scope of the government’s shadowy watchlist activities is disclosed to the American public.”

Federal agencies have consistently expanded the number of names on the watchlist over the years. As of June 2017, 1.16 million people were included on the watchlist, according to government documents filed in the lawsuit and cited by the AP — with roughly 4,600 of those names belonging to U.S. citizens and lawful permanent residents. In 2013, that number was 680,000, according to the AP.

“The fundamental principle of due process is notice and the opportunity to be heard,” said CAIR Trial Attorney Justin Sadowsky. “Today’s opinion provides that due process guarantee to all Americans affected by the watchlist.”


TechCrunch

Created by R the Company. Powered by SiteMuze.