WELCOME to Connected Rights, your chip off the old block of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Maogmáng Pag-abót!

GOOGLE’S PROTOTYPE SEARCH ENGINE FOR THE CHINESE MARKET, Dragonfly, was apparently designed to link searches to users’ phone numbers. If this Intercept report is accurate, well, that’s bloody disgraceful on Google’s part.

A couple of excerpts from that piece: “Google compiled a censorship blacklist that included terms such as ‘human rights,’ ‘student protest,’ and ‘Nobel Prize’ in Mandarin… individual people’s searches could be easily tracked – and any user seeking out information banned by the government could potentially be at risk of interrogation or detention if security agencies were to obtain the search records from Google… Sources familiar with Dragonfly said the search platform also appeared to have been tailored to replace weather and air pollution data with information provided directly by an unnamed source in Beijing.”

Really, Google? Really? Time to stop ignoring the questions of journalists and lawmakers – if you’re going to do this, fess up and stop claiming you don’t do evil.

Here, incidentally, is what Jack Poulson, a research scientist who resigned from Google over the project (along with several other employees), said in his resignation letter, as quoted in the Intercept piece: “I view our intent to capitulate to censorship and surveillance demands in exchange for access to the Chinese market as a forfeiture of our values and governmental negotiating position across the globe.”

Can’t see another way to view it, frankly.

SHED A TEAR, IF YOU WILL, FOR CHINA’S HIKVISION, a “global leader” in surveillance technology, which may be sanctioned by the US over its part in China’s mass suppression/torment of its Muslim minorities. Or don’t, you know; it’s up to you.

A LENOVO EXECUTIVE APPEARS TO HAVE CONFIRMED that companies selling servers in China have to backdoor them for the benefit of the authorities. And it’s not just China, it seems.

Lenovo Data Center CTO Peter Hortensius told The Inquirer: “If they want backdoors globally? We don’t provide them. If they want a backdoor in China, let’s just say that every multinational in China does the same thing. We comply with local laws. If the local laws say we don’t put in backdoors, we don’t put in backdoors. And we don’t just comply with the laws, we follow the ethics and the spirit of the laws… Likewise, if there are countries that want to have access, and there are more countries than just China, you provide what they’re asking.”

To support my work, why not become a patron of Connected Rights? If you would prefer to make a one-off donation, I also have a PayPal.me page.

BRAVE, THE OUTFIT THAT MAKES A PRO-PRIVACY BROWSER, has made a series of GDPR complaints against Google and other adtech firms. The Open Rights Group is on board.

Here’s the core of the complaint, per Brave: “Every time a person visits a website and is shown a ‘behavioural’ ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies. Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website. A data breach occurs because this broadcast, known as an ‘bid request’ in the online industry, fails to protect these intimate data against unauthorised access. Under the GDPR this is unlawful.”

This really is going for the jugular. It may be a self-interested complaint, coming from an upstart that wants to draw attention to its own ethos, but that doesn’t mean it’s wrong.

HERE’S A GDPR ENFORCEMENT ACTION THAT PASSED without much notice until now – as just flagged up by Tim Turner and Jon Baines, the UK’s Information Commissioner hit AggregateIQ, the Cambridge-Analytica-affiliated Canadian company that worked for the pro-Brexit Vote Leave campaign, with an enforcement notice in July.

The notice required AIQ to “cease processing any personal data of UK or EU citizens obtained from UK political organisations or otherwise for the purposes of data analytics, political campaigning or any other advertising purposes.”

ANOTHER DAY, ANOTHER FACEBOOK HATE SPEECH RULING in Germany. This time, a Frankfurt regional court said Facebook can suspend someone’s account for spewing xenophobic sentiment that breaks the social network’s terms of use, even if the comment in question falls short of illegality under German hate speech laws.

Previous rulings by other regional courts have gone the other way, so at some point this will probably end up escalating to some higher court case.

ANTI-SURVEILLANCE GROUPS WON A SIGNIFICANT RULING from the European Court of Human Rights regarding the UK’s mass surveillance regime. Or at least, the version of the regime that preceded the one introduced with the Investigatory Powers Act.

The ECtHR ruled that the old regime broke European human rights rules on privacy and, because of the chilling effect on journalistic activities, free expression. The reason? Lack of proper oversight and safeguards. However, the court said GCHQ’s use of information from the NSA did not violate human rights law.

In this and an earlier ruling regarding mass surveillance in Sweden, the ECtHR seems to be taking a more permissive stance toward the idea than the European Court of Justice does (the ECJ says the idea is fundamentally flawed because of its inherent lack of targeting).

Nonetheless, this ruling does highlight problems that campaigners say have not been fixed in the new Investigatory Powers Act regime – which, despite being new, is also currently being revamped due to a UK High Court ruling that pointed out incompatibilities with European human rights law.

Here’s a piece by Graham Smith on the ruling and its implications.

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

THE BRITISH COMMUNICATIONS REGULATOR, OFCOM, HAS PUBLISHED a survey showing that 79% of adult internet users in the country have concerns about going online. The survey was co-sponsored by the Information Commissioner’s Office.

The biggest concerns (66%) appear to be about “online content” – child protection is the big issue here – while 58% are worried about data and privacy. More than half are worried about “interactions with other users” and hacking and security issues.

45% of respondents said they had experienced “online harm”, ranging from the receipt of spam emails to viruses, scams and fake news. More than half think social media needs more regulation.

This is useful information to have – it shows that politicians in the “do something” online censorship brigade have a willing audience/voter base. Hard to tell whether that’s the cause or result of their crusades, of course. At the same time, it shows a widespread lack of trust on the privacy and security front. Fixing that first set of concerns while not exacerbating the latter will be a tricky path for lawmakers and digital rights activists alike.

And finally, a non-digital story, but bear with me:

THE PERSONAL PRODUCTION AND CONSUMPTION OF WEED HAS BEEN DECRIMINALISED in South Africa, and the reason is… privacy. The country’s constitutional court decided yesterday that the laws banning private marijuana use infringed the constitutional right to privacy. The ruling not only upheld an earlier ruling by the Western Cape division of the High Court – it extended it. While the High Court said people should be able to grow and smoke the stuff at home, the Constitutional Court said the right to privacy was not limited to a private dwelling. Still can’t light up in public though – just in a “private place”.

Here’s an analysis of the move by Pierre De Vos.