WELCOME to Connected Rights, your toe on the tripwire of digital rights news and analysis.
CHINA IS TRYING (AGAIN) TO MAKE ONLINE ANONYMITY a thing of the past. According to new rules from the country’s “cyberspace administration”, website operators have to ensure that anyone commenting on their site is using their real name – which they have to verify: http://for.tn/2gn3yy1
That’s going to be very expensive for smaller web service operators, as verification generally involves sending out text messages to people’s phones. The Chinese government has previously tried to nix anonymity, but so far they’ve only got the big players to play along.
Viewed alongside China’s recent decision to ban people from using VPNs to hide their online tracks (see http://bit.ly/2x3IPTh), this is yet another move to control what people do online, ostensibly to protect the country’s social order. Apart from mandating real names, the new rules also order website operators to report to the authorities any comments on their sites that might be spreading rumours, leaking secrets, inciting hatred or undermining state policies about religion.
THE SWEDISH GOVERNMENT IS PLANNING TO MONITOR people’s use of VPNs, according to a new leak: http://bit.ly/2vqZoMh
Sweden is one of those EU countries that’s dead set on data retention, the practice of forcing internet service providers (ISPs) to monitor and log their customers’ online activities for the benefit of the authorities. According to this leak, the government wants VPN “activation” – whatever that means – to be logged too.
Again, VPNs are great for hiding your online activities from your ISP, undermining the whole concept of data retention. It’s not difficult to see why the Swedish government might want this measure – but it would be a first for a western democracy.
According to Jon Karlung of the Swedish ISP Bahnhof (a big advocate for its customers’ civil liberties), “Sweden is copying China, where the government demands that the net is tailored for maximum surveillance, instead of for maximum function.”
INTERNET OF THINGS DEVICES PROVIDE all sorts of privacy risks, as you’re no doubt aware, but one that hadn’t occurred to me before was the risk of people’s ISPs using the data from these devices to profile their customers.
This did occur to a bunch of Princeton researchers, who have figured out how ISPs could use the internet of things to watch people’s activities (and perhaps make a profit selling this profiling information). Happily, though, the researchers say they figured out ways to stop this from happening: http://zd.net/2iHFF5o
Thanks so much to those of you who are supporting me through my Patreon page! Your support doesn’t just help me produce this weekly newsletter – it will also help me develop further Connected Rights resources.
PRIVACY IS FINALLY A FUNDAMENTAL RIGHT IN INDIA, after the country’s Supreme Court overturned previous rulings on the matter that dated back to 1954 and 1962: http://bbc.in/2xgzR66
The ruling has wide-ranging implications, but its most immediate effect may be on the Indian government’s vast Aadhaar database, which is supposed to record not only citizens’ biometric details but also stuff about their financial activities, in order to help allocate benefits.
Civil liberties campaigners have long complained about the scheme’s potential for surveillance, particularly where there was no constitutional privacy right to protect people. Hearings about Aadhaar’s validity will now take place, taking the Supreme Court’s privacy ruling into account.
As the court said in its ruling (http://bit.ly/2w0VBnz), “if privacy is to be construed as a protected constitutional value, it would redefine in significant ways our concepts of liberty and the entitlements that flow out of its protection.”
Crucially, the court also called for the Indian government to set up a data protection regime. It feels a little absurd that this doesn’t exist in the year 2017, particularly in a country of 1.3 billion people, but at least the idea is no longer being held back by rulings from half a century ago.
INDIAN OFFICIALS ARE FOND OF SUSPENDING INTERNET ACCESS for periods of time, as regular readers will know, but what are the rules for this? Medianama has spotted official guidance from the communications ministry that makes things a little bit clearer: http://bit.ly/2iG13Id
The guidance explains that central or state governments can order temporary internet shutdowns, with review committees to look at the orders’ legality. The orders can be made on the grounds of “public emergency or public safety.”
As Medianama noted, this means district authorities no longer have the power to order shutdowns, and there is greater oversight under the new rules. However, it added, there was no public consultation leading up to this guidance’s publication, and there’s no transparency mechanism described in the rules that allows citizens to assess whether the decision was necessary or proportionate.
UBER IS ENGAGING IN A “PRIVACY PUSH”, which in this case means the ride-hailing company has decided to lets its customers say no to being tracked after their ride is finished: http://reut.rs/2xJ4IHL
Yes, back in November, Uber removed the ability for its users to limit the app’s monitoring of their location to when they’re actually using it. They have the option of turning off Uber’s location-tracking functionality altogether, but that means manually entering their current location every time they want to call a ride.
The idea, apparently, was to let Uber track people for five minutes after they’re dropped off at their destination, as a safety measure. According to Reuters’ interview with Uber chief security officer Joe Sullivan, “Uber made a mistake by asking for more information from users without making clear what value Uber would offer in return”. That, unfortunately, is the norm these days.
The changes only affect users of Uber’s iPhone app for now, though the Android app will be also be updated.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide advice for your business, drop me an email at firstname.lastname@example.org.
YOU KNOW THE “PEOPLE YOU MAY KNOW” FEATURE on Facebook? A weird thing happened to Gizmodo writer Kashmir Hill when she was researching it, and trying to figure out how Facebook figures out who people might know: http://bit.ly/2wQWj7S
One person it suggested to her turned out to be a great aunt she’d never heard of. “Facebook knew my family tree better than I did,” Hill wrote. And would it explain to her how it made this connection? What do you think?
ARE YOU INTERESTED IN THE UK’S UPCOMING DATA PROTECTION LAW? If so, here’s a piece I wrote about it, and how it’s more than just a cut-and-paste of the EU’s General Data Protection Regulation. It’s from early last week so I should have put it in the last newsletter, but hey, better late than never: http://bit.ly/2wFdbyI