WELCOME to Connected Rights, your foot in the door of digital rights news and analysis.
THE EU’s ePRIVACY REGULATION HAS CLEARED A MAJOR HURDLE after the European Parliament green-lit the start of negotiations with the EU member states over its terms. In other words, the parliament is OK with the amendments that its civil liberties committee made to the European Commission’s initial proposal, and the regulation can continue down the legislative path. Here’s Parliament’s approved text: http://bit.ly/2xqIURk
The ePrivacy Regulation will do a bunch of things, with a bit of cross-over with the soon-to-be-in-effect General Data Protection Regulation (GDPR). The headline change is that it will extend certain confidentiality obligations from the traditional telecoms industry to the likes of Skype and WhatsApp. It will also ensure that when people flip the switch in their browsers that tells companies not to track their activities, those companies will actually have to respect the choice (it’s a system called Do Not Track and right now it’s a farce).
What’s more, the new regulation contains an update to the cookie-preferences stuff that people encounter when they visit a website – under the new rules, even if people tell the site they don’t want to be tracked by third-party cookies, the site cannot then stop them from coming in and reading whatever it is the site contains.
Needless to say, this has been an extraordinarily heavily lobbied piece of legislation. Here’s a piece I wrote on that (and trust me, you’ll want to read to the end): http://bit.ly/2z3qNmf
GRAHAM SMITH DID A NEAT ANALYSIS OF THE COMMISSION’S recent communication about platforms (e.g. Facebook and YouTube) policing illegal content. As he notes, the proposals fly in the face of European fundamental rights, and also the longstanding safe harbour provision in the eCommerce Directive: http://bit.ly/2gQyZhq
Key quote: “The Commission wants the platforms to act as detective, informant, arresting officer, prosecution, defence, judge, jury and prison warder: everything from sniffing out content and deciding whether it is illegal to locking the impugned material away from public view and making sure the cell door stays shut. When platforms aren’t doing the detective work themselves they are expected to remove users’ posts in response to a corps of ‘trusted flaggers’, sometimes without reviewing the alleged illegality themselves. None of this with a real judge or jury in sight.”
MISSED THIS ONE FROM A COUPLE WEEKS AGO, but ICANN, which runs the world’s domain name system, has essentially announced that the days of the global WHOIS system are numbered. WHOIS allows anyone to look up who owns a domain, but it clashes with the GDPR’s privacy provisions: https://go.icann.org/2z3Rk5h
ICANN wrote: “Since GDPR will likely effect how WHOIS data is displayed, it could impact our ability to maintain a single global WHOIS system. In turn, this will likely impact either ICANN’s agreements or its ability to enforce contractual compliance of its agreements using a single and consistent approach. In the short term, we need to work together to understand the scope of this impact and find the right balance between maintaining the current WHOIS services and compliance with local laws.”
Want to support this newsletter? If so, thanks so much! Here’s my Patreon page. Many thanks to those who are already contributing.
SOME AMERICAN LAWMAKERS HAVE MOVED TO FORCE GREATER TRANSPARENCY in the country’s surveillance practices, with a bill called the “Uniting and Strengthening America by Reforming and Improving the Government’s High-Tech Surveillance” (USA RIGHTS) Act. However, while it’s a better effort than a rival bill called the USA Liberty Act (seriously, these titles), digital rights group Access Now is not overly impressed: http://bit.ly/2zTlDbK
On the plus side, as Amie Stepanovich points out, the USA RIGHTS Act would “end the practice of collecting not just communications ‘to’ or ‘from’ a foreign target, but also ‘about’ a target”. However:
“The bill still fails to limit, in any way, collection of or access to the communications of non-U.S. persons not residing in the United States, even those who are not suspected of any wrongdoing. It does not create any new limitations on data retention or dissemination of data to international partners, nor to other domestic agencies, for anyone outside the United States.”
And that, ladies and gentlemen, is the sort of omission that seriously threatens the transatlantic flow of data, Privacy Shield or no Privacy Shield.
DO BODY-WORN CAMERAS (BWCs) MAKE COPS BEHAVE BETTER? Not necessarily, as this interesting Brookings Institution piece notes: http://brook.gs/2hqxBmj
Key point: “BWC advocates hope that the cameras will have a civilising effect on all involved… However, it’s also possible that BWCs could increase use of force: Perhaps most officers show restraint in heated situations to avoid being accused of bad behaviour… But facing an accusation can be quite unpleasant, even if it does not lead to penalties, and even a small chance of losing your job or going to prison might be enough to make at least some police officers wary of using force in a borderline situation. Those officers may become more likely to use force when they know camera footage will demonstrate the facts were on their side.”
More research is needed.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at david@dmeyer.eu.
IF INTERNET-OF-THINGS PRODUCTS CARRIED CIGARETTE-STYLE WARNINGS, this is what they’d look like, courtesy of security researcher Troy Hunt: http://bit.ly/2kLEGlv
Jokes aside, I absolutely think this should happen, in some form.
THE NEW YORK TIMES IS NOW AVAILABLE AS AN ONION SERVICE, which means it’s set up a special version of its website that can only be accessed by users of The Onion Router (Tor). Tor lets people access sites even if they are supposed to be blocked from doing so, and it lets them access those sites in secret, so basically this is a move to ensure that people can still read the paper in censorship-happy, authoritarian countries: http://nyti.ms/2zJxWat
IF YOU WANT TO BEAT FACIAL RECOGNITION SYSTEMS, you can use weird hairstyles and makeup in an attempt to confuse them. The technique is not new: it’s called CV Dazzle (http://bit.ly/1T9YVAu), and it’s pretty cool. But this – and I apologise in advance for the nightmares – is taking the concept to a whole new level: http://bit.ly/2zlkOMz
Connected Rights 