Page 2 of 9

The EU copyright law reform – the end of the Internet as we know it?

All means ALL! Even the ones we will think about in the future.

All means ALL! Even the ones we will think about in the future.

One would optimistically think that certain ideas are so unrealistic that no one would ever think about them, let alone dare expressing them. However, and contrarily to one’s best hopes, as it is getting more and more usual in the ambit of protection of IP rights, it seems that there is no limits for the manifestation of the most unbelievable ideas.

Which brings us to copyright, i.e., precisely, the protection conferred upon the expression of ideas and in relation to which the most ludicrous ideas have been expressed.

A recent communication of the EU Commission on copyright reform, entitled ‘Towards a modern, more European copyright framework’ does not bring good tidings.

Apparently it is a welcome document as it aims to address the current lack of harmonization of the copyright laws in the EU. Indeed, it is unquestionable that the current EU copyright legislation requires an update. For instance, the InfoSoc Directive (Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society) intended to address a reality prior to the existence of Twitter, Youtube and Facebook. Consequently, adapting the EU copyright rules to the new online realities is of paramount importance.

However, alongside some seemingly positive approaches of the intended reform, and while it is not wordily stated in the document that the necessity of conferring copyright protection to the acts of using snippets in acts of linking, the reference to ‘rights of communication to the public’ and of ‘making available’ leaves the door opened to such interpretation.

So you can understand why this expression is relevant, Article 3 of Directive 2001/29 provides as follows:

Member States shall provide authors with the exclusive right to authorise or prohibit any communication to the public of their works, by wire or wireless means, including the making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them.

Copyright holders therefore have the exclusive right over their works and are thus entitled to authorise or prohibit, with certain exceptions and limitations, the making and distribution of copies as well as communication to the public.

The scope of the concepts of “communication to the public” and of “making available” therefore determines what constitutes an act on the internet over which creators and related industries can claim copyright rights and, consequently, negotiate licences and be remunerated upon.

In the EU Commission own words:

The Commission is reflecting and consulting on the different factors around the sharing of the value created by new forms of online distribution of copyright-protected works among the various market players. The Commission will consider measures in this area by spring 2016. The objective will be to ensure that the players that contribute to generating such value have the ability to fully ascertain their rights, thus contributing to a fair allocation of this value and to the adequate remuneration of copyright-protected content for online uses.

In this context, the Commission will examine whether action is needed on the definition of the rights of ‘communication to the public’ and of ‘making available’. It will also consider whether any action specific to news aggregators is needed, including intervening on rights.

It further states that:

Rights that cannot be effectively enforced have little economic value, particularly when infringements occur on a commercial scale that free-rides on the work and investment of creators, the creative industries and legal distribution services.

This explicit reference to new regulation for news aggregators can be interpreted – and most probably is – as an intention to proceed to an ancillary copyright law.

Indeed, the copyright laws directed to news aggregators – which unquestionably led to restrictions on linking – as adopted in certain Member States (Spain and Germany, I presume) are cited as failures which carry the risk of more fragmentation in the digital single market.

Thus said, in a fact sheet, the EU Commission has clarified that it does not intend to tax links:

We have no intention to ask people to pay for copyright when they simply share a hyperlink to content protected by copyright. Europeans share and post hyperlinks every day and they should remain free to do so.

The Commission will look at the activities of different types of intermediaries in relation to copyright-protected content. This is a different issue.

News aggregators, for example, are not only using hyperlinks but also extracts of articles and may gain revenue doing so.

Different solutions related to news aggregators, both legislative and market-led, are being tested at national level. We are closely looking into them and are analysing whether they deliver on their objectives.”

So the use of snippets by news aggregators appears to tbe the cornerstone of the issue. Unfortunately, it does not come as a surprise. In fact, it sounds quite familiar. Lurid ideas as this one have been expressed – and protected too – through legislative means in some Member States, as I already addressed here.

More worryingly, they are motivated by the pressure of publishers who seem to not get over the fact that their content is promoted for free elsewhere than their websites and want to be compensated be the decrease of sales. Allegedly because others make money out of it. If doubts remain, the EU Commission confirms that it will adopt a ‘follow the money’ approach, which seems to confirm that the aim is to force search engines and news portals to pay publishing companies for linking to their content.

This seems to contradict the spirit of the Svensson ruling. The case involved a website providing its clients, according to their needs, with lists of clickable Internet links to articles published by other websites, in which the copyright holders alleged that their exclusive right to make their respective works available to the public had been infringed by the services provided.

In that context, the CJEU clarified some issues in regards of the relation between linking and copyright in the information society, ruling as follows:

1. Article 3(1) of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, must be interpreted as meaning that the provision on a website of clickable links to works freely available on another website does not constitute an ‘act of communication to the public’, as referred to in that provision.

Particularly relevant in this regard was the fact that it was interpreted that the communication at stake (making available the works concerned by means of a clickable link), despite concerning the same works as those covered by the initial communication and by the same technical means (the Internet) was not directed to a new public, meaning “a public that was not taken into account by the copyright holders when they authorized the initial communication to the public”. Consequently, such acts were deemed as not requiring the authorization of the copyright holders.

This conclusion is not altered by the circumstance that “when Internet users click on the link at issue, the work appears in such a way as to give the impression that it is appearing on the site on which that link is found, whereas in fact that work comes from another site”.

However, the Court outlined that

where a clickable link makes it possible for users of the site on which that link appears to circumvent restrictions put in place by the site on which the protected work appears in order to restrict public access to that work to the latter site’s subscribers only, and the link accordingly constitutes an intervention without which those users would not be able to access the works transmitted, all those users must be deemed to be a new public, which was not taken into account by the copyright holders when they authorised the initial communication, and accordingly the holders’ authorisation is required for such a communication to the public. This is the case, in particular, where the work is no longer available to the public on the site on which it was initially communicated or where it is henceforth available on that site only to a restricted public, while being accessible on another Internet site without the copyright holders’ authorisation.

The ruling left many questions unanswered. Therefore the intention would not be a bad thing if it addressed the relevant unattended points and if the wrong interests would not dictate the initiative. In this context it seems that the lobby pressures are stronger that the European Parliament’s express opposition on the matter.

On the bright side, it seems that the copyright protection for links in general, which would affect end users and, ultimately the very basic premise of the Internet as we know it, characterized by the open and free communication, by the unlimited sharing of information and opinions, has been put aside.

However it is questionable what is the utility of using a link without a short extract from the linked webpage. It is a common usage on the Internet. From a practical viewpoint, if the intention actually proceeds, the immediate consequence would be that, as explicit permission from the copyright holder would be required for that purpose, any Internet users linking to freely available content for commercial purposes on the Internet could be held liable for primary copyright infringement if using those snippets. As the commercial reuse or retransmission of copyright-protected content appears to be the main motivator, and considering the new arising of new forms of businesses online, such as blogs depending on publicity, it is reasonable to fear that pretty much everyone can be affected.

Furthermore, if the system of exceptions allowing for copyright-protected works to be used, in defined circumstances, without prior authorisation from the rights holders, does not ensure the proper protection in this context, the outcome will be disastrous beyond imagination.

Thus said, the whole raison d’être of copyright laws – to produce incentive to creativeness – is completely going amiss, considering that their protection is conceded uniquely to protect businesses that refuse or are just unable to adapt their strategies to the fast-changing online reality.

Monitoring of employees in the workplace: the not so private parts of a job in the EU private sector

Monitoring you? Us?

Monitoring you? Us? 1)Copyright by MrChrome under the CC-BY-3.0

In a case referring to the employees’ rights to the privacy of their correspondence and communications, the European Court of Human Rights (hereafter ECtHR) has ruled that employers are entitled to monitor their employees’ private online communications conducted through means of a messaging account provided for professional purposes.

The details of the case are as follows: the employment’s contract of Romanian engineer was terminated by his employer, back in 2007, after the company he worked for found out that he was using messaging services, such as Yahoo Messenger, to conduct personal contacts, namely with his brother and fiancée. The account was created, at the employer’s request, strictly for professional purposes and a personal use was specifically forbidden by the company policy, of which the employee was made aware. The internal regulation established, inter alia, that “it is strictly forbidden to disturb order and discipline within the company’s premises and especially … to use computers, photocopiers, telephones, telex and fax machines for personal purposes.”

While the company considered that the employee had breached the company rules by using the service for personal purposes, and thus the termination of the employment’s contract was justified, the employee argued that the termination decision was illegal due to be founded on a violation of his rights to respect for his private life and correspondence.

Among the pertinent legal instruments deemed applicable and referred by the ECtHR are, obviously, the European Convention of Human Rights (hereafter ECHR), the Directive 95/46/EC and the Art.29WP “Working document on the surveillance and the monitoring of electronic communications in the workplace”, which I also have addressed here, in regards of the issue of the monitoring of employees.

The core issue at stake was whether, considering the factual context described, the employee could have had a reasonable expectation of privacy when communicating from the Yahoo Messenger account that he had registered at his employer’s request and considering that the employer’s internal regulations, of which he was aware, strictly prohibited employees from using the company’s computers and resources for personal purposes.

Having into consideration that the use of messaging was only allowed for solely professional purposes, the Court deemed that it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.” (par. 59)

In this regard, it considered that “the employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.” Particularly relevant to the formation of that assumption was the fact the employee had initially claimed that he had used the messaging account to advise the company’s clients. (par. 57)

Therefore, despite concluding that an interference with the applicant’s right to respect for private life and correspondence within the meaning of Article 8 of the ECHR indeed occurred, the ECtHR concluded that there has been no violation of such rights, because “the employer’s monitoring was limited in scope and proportionate”.

The claim that the employee’s right to privacy and the confidentiality of his correspondence had been violated was therefore dismissed.

This ruling is in line with that respecting the Benediktsdóttir v. Iceland case, in which the ECtHR concluded that the right to privacy and to correspondence has to be balanced with the other rights, namely those of the employer.

However, the dissenting opinion of the judge Pinto de Albuquerque deserves particular mentioning. Particularly based on the very personal and sensitive nature of the employee’s communications, the non-existence of an Internet surveillance policy, duly implemented and enforced by the employer and the general character of the prior notice given to employees in regards of the monitoring conducted on the communications, it leads one to wonder if the assessment regarding the respect of the necessity and proportionality principles could have been as straightforward as it firstly seemed. Namely considering that the employer also accessed the employee’s own personal account.

Thus said, the specific details of the case should not be overlooked and rushed or generalized conclusions should be avoided.

As pointed out by Pinto de Albuquerque, in the absence of a prior notice from the employer that communications are being monitored, the employee has a reasonable expectation of privacy. Moreover, the  complete prohibition of the use of the Internet by employees for personal purposes is inadmissible. Furthermore, the practice of complete, automatic and continuous monitoring of Internet usage by employees is also forbidden.

The fact that the employee was adequately informed of the internal regulations imposing restriction upon the use of the messaging service for personal purposes and that employer had accessed the communications in the belief of their professional nature are paramount elements in this context. In no way must this ruling be interpreted as a general faculty of employers to monitor or snoop on their employees’ private communications.

Indeed, as clearly put by the Art.29WP in the above mentioned document, the simple fact that monitoring or surveillance conveniently serves an employer’s interest could not justify an intrusion into workers’ privacy.

In fact, as outlined by the judge Pinto de Albuquerque in his dissenting opinion: “if the employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement, it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages.”

Therefore, employers should take special care in providing appropriate information in regards of the use that employees are allowed to make of the company’s communication means, namely for personal purposes. Moreover, employers intending to conduct monitoring activities over their employee’s activities should implement a proper and clear monitoring policy, restricted to what is necessary and proportionate to its interests and goals. It is of paramount importance that employees are able to understand the nature, scope and effects of the monitoring, namely how their communications are controlled, what content is accessed, how is it analysed and what information is recorded and kept and for what purposes. In this context, data protection rules fully apply, namely conferring employees with the rights to access all the information held about them and to obtain a copy of such records.

And to completely prevent unpleasant surprises, a word of advice to employees: do not rely on your employer’s good judgement. Avoid altogether using means provided to you for professional purposes to conduct private activities or communications.

References   [ + ]

1. Copyright by MrChrome under the CC-BY-3.0

Foolish patents or the inventive step of idiocy

It is very frustrating that the rationale of a legal mechanism such as patents, intended to enable inventors to recover from their creative efforts, the investment of time and of financial resources that they have put into the development  of new and non-obvious inventions, and therefore promote innovation, has been subverted for the monetary compensations it entails when infringement occurs.

Patents confer an exclusive right upon their owner, enabling him to exclude others from making, using, importing, and selling the patented innovation for a limited period of time and making the practice of those acts by third parties dependent of an authorization of the patent owner, i.e., a license.

In this context, patents are intrinsically linked to competition. A particular concern is to not attribute such an exclusive right to creations that do not amount to an invention, i.e., based upon a basic or common function which does not contain any inventive step considering the prior art. Indeed, patenting something that is elementarily required to produce a given functionality would amount to conferring to the right owner a monopoly that would prevent any further competition and, consequently, future innovation.

In the computer software context, considering that most patents are conferred for very restricted elements of a given product, a particular danger is the development of patent thickets, which can be described as a web of interdependent and overlapping IP rights which require new inventions to depend upon licensing from different patent owners. This is so because it is possible to own a patent on an element crucial for the proper functioning of other parts of a software product.

Understandably, patent trolls can find here the greatest of motivations.

It is important to distinguish, in this context, design patents and utility patens, with which most of us are more familiar with.

Utility patents are meant for new, non-obvious and, as their name might have you guessing, useful inventions, having into consideration the specific functionality of the product.

By contrast, design patents address new, non-obvious, non-functional, aesthetic or ornamental aspects of products, provided that the design is not exclusively mandated by the function of the product. In practice, this amounts to demonstrate that alternative designs enabling the same function exist. Therefore, these patents are often associated with the ‘look and feel’ of the product.

As with any other patent, the exclusive right conferred by design-patents aim to prevent competitors from copying another company’s products designs. Hence, these patents assume particular importance when a product presents key features which enable consumers to immediately associate a design with a particular brand.

Design patents have been particularly popular in the field of computer software, namely in regards of the user experience and user-interfaces. From what I have had the chance to learn last trimester in the respective module of the post-grad program I am currently undertaking, I would risk saying that computer software patents do not really need any more complexities added to them. In fact, I am still recovering from the European Patent Office’s case law regarding what constitutes the proper technical character of an invention.

Thus said, a design patent was at stake, among other claims, in the Apple v. Samsung case regarding the ‘slide-to-unlock’ patent, describing a way to unlock a touch screen device. I still fail to comprehend how taking the general existing logic of opening gates, doors or fences and applying it to a computerized device passes the assessment of the inventive step test.

Similarly, just recently, among other allegations, Microsoft claimed that its patent over the design of a slider, which it named “User Interface for a Portion of a Display Screen” and which allows users to zoom in or out of documents, has been infringed by Corel.

Just so you get a complete idea of the claim, you can find below the design at stake:

Microsoft slider.

In its defence, it must be noted that the patent claim does not refer to a generic slide, but to the specific design of the slider and its placement in the bottom right corner of the User Interface.

Disregarding the consideration if the design at stake qualifies as new and non-obvious version of existing designs (i.e., prior art), such claim – if successful – might have serious economic repercussions for Corel as it will entitle Microsoft to all of the profits attributed to that design even if respecting a part of the product and not the entire product.

Nevertheless, the Electronic Frontier Foundation (EFF) has qualified this claim as the most stupid patent of December 2015. And despite any good will one might want to manifest in favour of Microsoft, it is indeed difficult to escape the obviousness of all this nonsense.

When the information asked from job applicants is simply too much…

We also need your credit card info, body size and a blood sample just for the application.

We also need your credit card info, body size and a blood sample just for the application. 1)Copyright by Kathryn Decker under the Creative Commons – Attribution 2.0 Generic

I am currently looking for new professional opportunities and, in my quest, I have faced some very peculiar data collection policies in the context of some recruitment processes.

From being required to provide my full name, my ID number, my social security number, my complete address as mandatory information to be provided to apply for a certain job or to file a spontaneous application… I have pretty much been asked everything. At this point, I wouldn’t be surprised anymore to be asked for my bank account, my bloodtype or my electoral numbers, which are as useless information to be required for such purpose.

And when this comes from big companies which actually ought to know better and have data protection policies implemented, it is all the more astonishing!

Perhaps this may come as a surprise for some, as I am prone to conclude considering my recent experiences, but when personal data is collected as part of a recruitment process, the Data Protection rules do apply.

With regards to the balance which ought to be stricken between a potential employer’s need for information in order to select among applications and the applicants’ right to respect for their private life, I think that it is pretty straightforward that requiring the abovementioned elements is pointless and disproportionate in a recruitment process.

In fact, it amounts to collect from job applicants information that is only necessary if you are going to eventually appoint a specific applicant as an employee. Which only happens at a later stage.

Besides being annoying to be required to mandatorily provide pointless personal information to a recruiter from whom one might never hear again, it is actually a breach of data protection rules to collect irrelevant or excessive information.

Having this into consideration, if you collect such unnecessary information in the context of recruitment processes and if you have received my application, you should seriously consider calling me for an interview. :o)

 

References   [ + ]

1. Copyright by Kathryn Decker under the Creative Commons – Attribution 2.0 Generic

The ‘Safe Harbor’ Decision ruled invalid by the CJEU

Safe harbor?!? Not anymore.

Safe harbor?!? Not anymore.

Unfortunately, I hadn’t had the time to address the ruling of the CJEU issue last October, by which the ‘Safe Harbour’ scheme, enabling transatlantic transfers of data from the EU to the US, was deemed invalid.

However, due to its importance, and because this blog is primarily intended to be about privacy and data protection, it would be shameful to finish the year without addressing the issue.

As you may be well aware, article 25(1) of Directive 95/46 establishes that the transfer of personal data from an EU Member State to a third country may occur provided that the latter ensures an adequate level of protection. According to article 25(6) of the abovementioned Directive, the EU Commission may find that a third country ensures an adequate level of protection (i.e., a level of protection of fundamental rights essentially equivalent to that guaranteed within the EU under the directive read in the light of the Charter of Fundamental Rights) by reason of its domestic law or of its international commitments.

Thus said, the EU Commission adopted its Decision 2000/520, by which it concluded that the “Safe Harbour Principles” issued by the US Department of Commerce ensure an adequate level of protection for personal data transferred from the EU to companies established in the US.

Accordingly, under this framework, Facebook has been transferring the data provided by its users residing in the EU from its subsidiary in Ireland to its servers located in the US, for further processing.

These transfers and, unavoidably, the Decision had been challenged by the reference to the CJEU (judgment in Case C-362/14) following the complaint filed by Max Schrems, a Facebook user, before the Irish DPA and subsequently before the Irish High Court. The main argument was that, considering the access electronic communications conducted by its public authorities, the US did not ensure adequate protection of the thus transferred personal data.

According to the AG’s opinion, “the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life and the right to protection of personal data”.

Despite considering that a third country cannot be required to ensure a level of protection identical to that guaranteed in the EU, the CJEU considered that the decision fails to comply with the requirements established in Article 25(6) of Directive and that the Commission did not make a proper finding of adequacy but merely examined the safe harbour scheme.

The facts that the scheme’s ambit is restricted to adhering US companies, thus excluding public authorities, and that national security, public interest and law enforcement requirements, to which US companies are also bound, prevail over the safe harbour principles, were deemed particularly decisive in the assessment of the scheme’s validity.

In practice, this would amount to enable the US authorities to access the personal data transferred from the EU to the US and process it in a way incompatible with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security.

As a result, the Court concluded that enabling public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.

The Court stated that the decision disregards the existence of such negative interference on fundamental rights, and that the lack of provision of limitations and effective legal protections violates the fundamental right to effective judicial protection.

Upon issuance of this ruling, the Art29WP met and concluded that data transfers from the EU to the US could no longer be legitimized by the ‘Safe Harbor’ decision and, if occurring, would be unlawful.
While its practical implications remain unclear, the ruling undoubtedly means that companies relying on the ‘Safe Harbor’ framework for the transfer of personal data from the EU to the US need to rely, instead, on another basis.

In this regard, considering that not all Member States accept the consent of the data subject or an adequacy self-assessment as a legitimizing legal ground for such cross-border transfers, Model Contractual Clauses incorporated into contracts and Binding Corporate Rules (BCR) for intragroup transfers seem to be the most reliable alternatives in certain cases.

Restrictions on data transfers are obviously also foreseen in the GDPR, which, besides BCRs, Standard Contracts and adequacy decisions, includes new data transfer mechanisms such as certification schemes.

You can find the complete version of the ruling here.

Opinion of the EDPS on the dissemination and use of intrusive surveillance technologies

We need some more surveillance here!

We need some more surveillance here! 1)Copyright by Quevaal under the Creative Commons Attribution-Share Alike 3.0 Unported

In a recently published opinion, the EDPS addressed its concerns in regards of the dissemination and use of intrusive surveillance technologies, which are described as aiming “to remotely infiltrate IT systems (usually over the Internet) in order to covertly monitor the activities of those IT systems and over time, send data back to the user of the surveillance tools.”

The opinion specifically refers to surveillance tools which are designed, marketed and sold for mass surveillance, intrusion and exfiltration.

The data accessed and collected through intrusive surveillance tools may contain “any data processed by the target such as browsing data from any browser used on that target, e-mails sent and received, files residing on the hard drives accessible to the target (files located either on the target itself or on other IT systems to which the target has access), all logs recorded, all keys pressed on the keyboard (this would allow collecting passwords), screenshots of what the user of the target sees, capture the video and audio feeds of webcams and microphones connected to the target, etc.

Therefore these tools may be adequately used for human rights violations, such as censorship, surveillance, unauthorised access to devices, jamming, interception, or tracking of individuals.

This is particularly worrisome considering that software designed for intrusive surveillance has been known to have been sold as well to governments conducting hostile surveillance of citizens, activists and journalists.

As they are also used by law enforcement bodies and intelligence agencies, this is a timely document, considering the security concerns dictating the legislative amendments intended to be implemented in several Member States. Indeed, as pointed by the EDPS, although cybersecurity must not be used for disproportionate impact on privacy and processing of personal data, intelligence services and police may indeed adopt intrusive technological measures (including intrusive surveillance technology), in order to make their investigations better targeted and more effective.

It is evident that the principles of necessity and proportionality should dictate the use of intrusion and surveillance technologies. However, it remains to be assessed where to draw the line between what is proportional and necessary and disproportional and unnecessary. That is the core of the problem.

Regarding the export of surveillance and interception technologies to third countries, the EDPS considered that, despite not addressing all the questions concerning the dissemination and use of surveillance technologies, “the EU dual use regime fails to fully address the issue of export of all ICT technologies to a country where all appropriate safeguards regarding the use of this technology are not provided. Therefore, the current revision of the ‘dual-use’ regulation should be seen as an opportunity to limit the export of potentially harmful devices, services and information to third countries presenting a risk for human rights.

As this document relates to the EU cybersecurity strategy and the data protection framework, I would recommend its reading for those interested in those questions. You can find the document here.

References   [ + ]

1. Copyright by Quevaal under the Creative Commons Attribution-Share Alike 3.0 Unported

What do your Internet connection records reveal about you?

Not anymore!

Not anymore!

When I brought up in a conversation the issue regarding the measures intended to be taken by some governments, in particular the access to Internet connection records foreseen in the UK draft Investigatory Powers Bill, I was quite surprised to realise that some people around me seemed to accept that online privacy should be curtailed in order to ensure stronger security, a view with which I strongly disagree.

But more importantly for this post, they did not consider it excessively intrusive.

And then I just realised that, none withstanding the fact that Internet is an intrinsic part of our daily lives, many are simply clueless about the detailed digital fingerprint they leave behind, website after website visited, and how much revealing that is.

It never ceases to amaze me how, in this Internet dependent era, so many people actually ignore how much information regarding their lives, habits, and ultimately, their privacy is at stake.

One thing is to ponder the pros and cons of registering in a website or downloading an app and take a decision accordingly. Another completely different is to simply be unaware of the risks, to not wonder: what is done with this information?… And subsequently take completely unaware decisions and form and convincingly express their opinions on flawed grounds.

Let’s be clear here: to have access to someone’s Internet connection records is to have access to their Internet browsing history!

Yes, the very same some people delete for the most various reasons, but that essentially amounts to one and only: for it not to be known.

Now consider that there is little in our real life that does not reflect in our online activities. From booking flights and hotels, buying books and clothes, or other less random items, online dating, participating in discussion groups and forums, ‘googling’ in general… Imagine, for instance, googling a specific health condition that is worrying you…

And what can be inferred and the correlations which can be made from those searches and websites accessed… From your interests, to your lifestyle, to your personal life and your health…

And, yes, that includes the most embarrassing little details that your browsing history can reveal.

In this context, I would say that the time and amount of times you visited a website would be the less worrisome but even these can be quite informative, if a pattern emerges.

Only someone who is not familiar at all with the concept of ‘profiling’ of interests and behaviour and the detailed conclusions which can be reached can argue that the access to the browsing history is not sufficiently revealing and intrusive to raise any concerns from a privacy viewpoint.

This is not about having ‘something to hide’ or ‘anything to be ashamed of’. It is about unwilling exposure and the complete unaware loss of privacy. Even for those who truly believe to be utter uninteresting, there is certainly something they would rather keep secret. And it is that little bit that should be considered before taking a stance on the issue of government surveillance.

Tech companies: The new assistants of police and security services

Yes, these guys!

Yes, these guys!

It seems that tech companies are what is left standing between citizen’s privacy rights and governments’ surveillance…

This has been demonstrated in the past by Microsoft stance in regards of the access to the tech companies networks by intelligence agencies and law enforcement authorities, in order to collect information about its users.

More recently, it has been the turn of Apple, which has expressed substantial objections to the proposals intended to update UK’s surveillance laws in its written submission to the Joint Committee on the Draft Investigatory Powers Bill.

According to the draft, police and security services will be able to access the Internet browsing history of UK citizens, without prior judicial authorisation being required. Moreover, in order to comply with a judicial order, companies could be required to hack devices and accounts to acquire information.

Apple argues convincingly that such measures amount to implement a ‘back door’, which will weaken the end-to-end encryption methods used by tech companies precisely to protect communications between devices and the associated customer data, thus allowing for an easier interception by third parties. As put by Tim Cook himself, “any back door is a back door for everyone”.

One would dare to think that, considering all the news regarding data breaches and hacking, implementing ‘back doors’ would be spontaneously deemed an foolish idea and automatically excluded from discussion.

Apparently not.

It is a common view of many national governments, fuelled by the successive terrorist attacks in Paris, that the strengthening of the capabilities of law-enforcement agencies is required in order to prevent terrorist attacks.

However, the view that privacy should be traded for increased and stronger national security is exaggeratedly one-dimensional, as they are not forcefully as closely related as some want them to appear.

Considering that the terrorists involved in those attacks were already well-known from the competent authorities, it is difficult to accept how more privacy-intrusive tools, directed to everyone, and which actually entail further exposing citizens to online threats, will help preventing future attacks.

« Older posts Newer posts »

© 2017 The Public Privacy

Theme by Anders NorenUp ↑