WELCOME to Connected Rights, your banana peel on the pavement of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Ongi etorri!

A NOTE: As some of you will know, I have just gone fulltime as a senior writer with Fortune. I intend to keep writing this newsletter, as I enjoy doing so and many of you have told me you find it valuable. However, it is now a personal rather than professional project for me. For that reason, I have cancelled the Connected Rights Patreon page with immediate effect. To those of you who have kindly supported me through Patreon, I thank you most deeply! Now, on with the show…

THE AUSTRALIAN AUTHORITIES HAVE IGNITED a firestorm by raiding a News Corp journalist who reported last year about plans to spy on Australian citizens’ emails, text messages, bank accounts and so on.

Current intelligence-gathering legislation forbids the Australian Signals Directorate from spying on locals in this fashion, so this would be quite the change – and the feds weren’t keen on people finding out about the possibility. Federal police executed a search warrant at Annika Smethurst’s home yesterday, in relation “to an investigation into the alleged unauthorised disclosure of national security information.”

News Corp is furious. It said: “The Australian public’s right to know information about government laws that could impact their lives is of fundamental importance in our society… This raid demonstrates a dangerous act of intimidation towards those committed to telling uncomfortable truths.”

Then the feds raided News Corp’s offices today.

APPLE HAS MADE A SIGNIFICANT PRIVACY MOVE by introducing a “sign in with Apple” mechanism for online-service developers. The mechanism would rely on an iPhone’s Face ID tool for authentication, providing an alternative to Facebook, Google and Twitter’s login mechanisms, which often result in people’s personal information being shared around.

BEHAVIORAL AD-TARGETING FUNDS THE FREE WEB ECONOMY and is therefore essential despite all those surveillance-economy “fundamental rights” bleatings, right? Well, it uncomfortably turns out that publishers only get 4% more revenue for cookie-powered targeted ad impressions than they do for more privacy-respecting ones. According to a U.S. study, advertisers are paying a lot more for behaviourally targeted ads – but most of the premium goes to ad-tech companies, not those who actually publish the content!

THE CJEU ADVOCATE-GENERAL HAS DELIVERED his opinion on the case of Austrian Green politician Eva Glawischnig and the illegally defamatory Facebook post made against her. The EU’s highest court is tasked with deciding whether Facebook has to nuke “hate-speech” posts that are similar to that original comment, and whether it has to remove hate-speech posts around the world. Yes, it’s that territoriality thing.

Per Maciej Szpunar, the law in question – the eCommerce Directive – does not have much to say about territorial scope, so it “does not preclude a host provider from being ordered to remove such information worldwide”.  As for what Facebook should remove, here’s the deal: it can be ordered to remove identical comments posted by anyone, and it can be ordered to remove “equivalent” comments made by the same individual who posted the original comment, but it can’t be ordered to seek-and-destroy equivalent comments made by other people, because “an obligation to identify equivalent information originating from any user would not ensure a fair balance between the fundamental rights concerned”.

Facebook told TechCrunch: “This case raises important questions about freedom of expression online and about the role that internet platforms should play in locating and removing speech, particularly when it comes to political discussions and criticizing elected officials. We remove content that breaks the law and our priority is always to keep people on Facebook safe. However this opinion undermines the long-standing principle that one country should not have the right to limit free expression in other countries. We hope the CJEU will clarify that, even in the age of the internet, the scope of court orders from one country must be limited to its borders.”

IN MORE BAD CJEU NEWS FOR FACEBOOK, the company has failed to stop the court from hearing a case – a Max Schrems production, because why not keep things Austrian – that could threaten not only Facebook’s legal basis for processing Europeans’ data, but the whole darn Privacy Shield mechanism.

In short, Privacy Shield could go the way of its stricken predecessor, “Safe” Harbour. As Schrems stated following the Irish Supreme Court’s decision not to let Facebook block the CJEU referral: “Facebook likely again invested millions to stop this case from progressing. It is good to see that the Supreme Court has not followed Facebook’s arguments that were in total denial of all existing findings so far. We are now looking forward to the hearing at the Court of Justice in Luxembourg next month.”

THE LATEST TARGET OF RUSSIA’S GIVE-US-YOUR-USER-DATA policy is Tinder, which says it hasn’t handed over people’s dating data to the Russian authorities yet – will it do in future, though? Fun fact: Tinder is the fourth dating app to be targeted by the law. Clearly, such information is vital to combatting terrorist threats.

THE CALLER-ID APP TRUECALLER isn’t merely a data-protection-rights abuser – it’s also a threat to investigative journalists, as detailed in this IFEX piece. Same issue though: “While TrueCaller may have laudable intentions, the privacy implications for people who end up in their database raise concerns. When a number is tagged, the person who is tagged ends up having their name and phone number stored on the TrueCaller database, despite not having consented – or even being aware – that their data was collected.”

MAINE COULD GET A TOUGH (by American standards) privacy law that stops internet service providers from selling customers’ data without their permission. It would be very similar to the FCC rule on the matter that President Trump nixed.

PRIVACY FEARS ABOUT MIC-EQUIPPED “SMART” HOME DEVICES such as Amazon’s Echo speakers are supposed to be overblown on the basis that the gizmos don’t listen to what their owners say all the time – just when the owners articulate a “wakeword”, which in Amazon’s case is Alexa, the name of the company’s virtual assistant.

However, the problem for Amazon is that sometimes users issue commands ending rather than beginning in the wakeword, such as “Play some music, Alexa”. So the company has filed a patent application that described a system where the device constantly records what people are saying, to avoid this problem. On the plus side, it would only ever keep 10-30 seconds’ worth of recording in the device’s buffer, and it wouldn’t send the information to Amazon’s servers until the wakeword is uttered. Also, patents don’t necessarily lead to products. Still, it’s worth bearing in mind.