WELCOME to Connected Rights, your flash in the pan of digital rights news and analysis.
RUSSIANS HAVE BEEN MARCHING against the country’s ever-expanding censorship of the internet. On Sunday, around a thousand people protested prominent cases of people being prosecuted for their online writings and videos. The day before, the Russian parliament passed a law prohibiting the use of virtual private networks and anonymisers, which can help people access forbidden websites: http://bit.ly/2vZinJG
Activists have also been fighting back in chaotically subversive ways. The government runs a blacklist of sites that internet service providers have to block, and hackers have figured out a way to effectively add other sites to the list. And so, people found themselves unable to access the state censor’s website, as well as those of major news and social media services. Even bank machines were knocked offline: http://bit.ly/2v7kqiG
TODAY’S BREAKING NEWS comes from the Court of Justice of the European Union, which has nixed a draft agreement between the EU and Canada on the subject of airlines’ passenger name records (PNR). The deal would have forced airlines to offer up the details of people flying from the EU to Canada, so they could be automatically analysed before arrival.
In the court’s words, the data would reveal “a complete travel itinerary, travel habits, relationships existing between two or more individuals, and information on the financial situation of air passengers, their dietary habits or their state of health, and may even provide sensitive information about those air passengers”.
The idea was to fight terrorism and serious international crime, and the information would have been stored for up to five years. Naturally, this would infringe on people’s privacy rights, but would it be justified? Nope. The court said a “precise and particularly solid justification” was missing, given how sensitive the data was, and the five-year storage limit went beyond what was necessary. It also noted a lack of safeguards and oversight.
Yep, this is yet another example of the court fighting the practice of indiscriminate mass surveillance. See also: its striking-down of the Data Retention Directive in 2014 (http://bit.ly/2tBS4IV) and last year’s ruling on national data retention laws in the UK and Sweden (http://bit.ly/2uYldkX). The ruling also confirms the European Parliament’s fears over the scheme, which was dreamed up by EU member states and the Commission. When will people stop trying to push through what’s plainly illegal?
Digital rights group EDRi says EU countries should now scrap their national laws implementing the EU’s own internal PNR agreement, as well as PNR deals between the EU and Australia and the US: http://bit.ly/2tIwypY
THE CHINESE GOVERNMENT HAS REPORTEDLY ORDERED CITIZENS in the Xinjiang region to install a surveillance app on their smartphones. The territory is home to the much-harassed Muslim-minority Uyghur community, among others. Residents there were sent a QR code via the WeChat messaging app, through which they were told to install the spyware app.
According to a Mashable report, those who refuse or who delete the app face detention of up to 10 days: http://on.mash.to/2uAigoG. The app searches people’s phones for files classified as “terrorist” material, and uploads details of the user’s communications to the authorities’ servers.
THE GERMAN AUTHORITIES ARE PREPARING TO DEPLOY THEIR OWN SMARTPHONE SPYWARE by the end of this year, according to a Netzpolitik report: http://bit.ly/2uvCTCl. The spyware will be able to read people’s communications, even if they’re using encrypted messaging apps, and to search devices.
As I recently wrote (http://zd.net/2uYnsVI), the government has given the authorities the power to hack into and search suspects’ phones and computers for a wide range of investigations. It seems the authorities’ homegrown hacking tool will be ready for rollout this year.
As Netzpolitik notes, the police are in the meantime using FinFisher’s FinSpy tool. FinFisher’s products have regularly been found in the hands of repressive regimes, such as that of Bahrain and Ethiopia, which have used them to spy on activists, politicians, lawyers and journalists. The Germans have been using it for years, though the new law allows them to deploy it much more widely than before.
Is this legal? Probably not, though we’ll have to wait for the inevitable Constitutional Court case to nail that one down. The court has previously said spyware should only be used when people’s lives are in immediate danger.
I WENT TO A FASCINATING TECH-LAW CONFERENCE on Monday, run by Knowledge Nomads. The first speaker was the politician and activist Vera Lengsfeld, who recounted her experiences with East German surveillance.
Lengsfeld issued a stark warning about the dangers of exposing information that may seem inconsequential. When she was being interrogated by the Stasi, they played her favourite piece of music, Mendelssohn’s Scottish Symphony. “Anything can be used against a person,” she said. “Thus, the often-repeated mantra of many Stasi informants, ‘But the information I gave didn’t harm anyone,’ is not true.”
Max “Scourge of Facebook” Schrems (http://for.tn/2vZwT4j) also spoke, insisting: “I’m not here to blow up the system but to make it better.” And so did Google lawyer Lanah Kammourieh Donnelly, who acknowledged that “we haven’t always got privacy right in the past”.
She added that Google was doing a lot to get ready for the EU’s big new privacy law, the General Data Protection Regulation, which comes into effect next May. “More than 99 percent of Googlers are going to undertake online privacy training during 2017, and that includes our CEO,” she said.
IF YOU BUY AN ANDROID SMARTPHONE WITH LOUSY SECURITY, should the retailer warn you first? A German consumer protection authority says yes, and has gone to court to make its point. Here’s my article: http://zd.net/2uY7dHZ
AN AMERICAN COMPANY WANTS TO IMPLANT MICROCHIPS in its workers’ hands. The company, a Wisconsin firm called Three Square Market that makes smart vending machines, says the scheme is voluntary. The radio frequency identification (RFID) chips are not dissimilar to those in your smart keycards or travel cards – they’d let workers access the building and their computers, and pay for food in the staff canteen.
The technology reportedly comes from a Swedish outfit called BioHax International, which also chips its own employees: https://usat.ly/2uQsZNV
The fact that this is voluntary is good, obviously, but I’d be interested to know how much pressure there is to have a chip implanted. Particularly as this is a tech firm dealing with a related technology, might there be some “luddite” stigma attached to refusal? I’m usually cautious of talking about slippery slopes, but this feels like a bad route to be taking.
THE MAKER OF THE ROOMBA HOUSE-CLEANING ROBOT has caused an outcry by suggesting it could sell maps of its customers’ homes to the highest bidder: http://reut.rs/2uWjdcX
As TechCrunch notes, iRobot has long been keen to tap into the burgeoning “smart home” market by using mapping data gathered by its smart vacuum cleaners. Fair enough. But now it seems to have crossed the line by saying it might sell this data to Amazon, Apple and/or Google, all of which are big-time into smart home technology: http://tcrn.ch/2tAw4y9
Again, this would be opt-in, but the question is how clearly people would be able to understand what they’re opting into. It’s already the case that we regularly agree to terms and conditions that say, somewhere in the masses of legalese, that the service will sell our data to unspecified third parties. That’s bad enough, but there’s something about this particular case that – pardon the pun – really brings home the seriousness of the matter.
THREE SWEDISH MINISTERS FACE A NO-CONFIDENCE MOTION over a major governmental data leak that exposed top-secret information about military personnel, defence plans, witness protection programs and Swedish drivers: http://bit.ly/2v75rFh
The incident happened in 2015, but has only recently come to light. The Swedish transport agency was moving data into the cloud, in an outsourcing deal with IBM, and exposed all this highly sensitive data to foreign IT contractors with no security clearance. The prime minister has correctly described this as “a disaster”: http://bbc.in/2uYhBQd
Now the opposition Alliance coalition is trying to bring down the defence, interior and infrastructure ministers over the debacle.
“SMART GUNS” ARE THEORETICALLY only usable by their owners, thanks to the use of clever technology… that can apparently be duped with $15-worth of magnets. So much for the dream of “safer” firearms: http://bit.ly/2tErVNw