Glyn Moody’s Techdirt Profile


About Glyn MoodyTechdirt Insider

Posted on Techdirt - 17 April 2014 @ 6:49am

Snowden Asks Putin Live On TV If Russia Carries Out Mass Surveillance; But Why?

from the what-on-earth-was-he-thinking? dept

Edward Snowden has generally been staying out of the limelight so that the NSA story is about the surveillance not the whistleblower. He's given occasional interviews and delivered a few short speeches via videolink, but usually of a fairly low-key nature. That makes his unexpected appearance today on a marathon televised question-and-answer session with Vladimir Putin -- again by videolink -- extremely odd. Here's his question, as reported by The Guardian:

Snowden asked: "Does Russia intercept or store or analyse the communication of millions of individuals?" He went on to ask whether increasing the effectiveness of internal security systems could ever justify such actions.
To which Putin replied:
"Mr Snowden you are a former agent, a spy, I used to work for a intelligence service, we are going to talk the same language."

He said Russia did not have a comparable programme, stating: "Our agents are controlled by law. You have to get court permission to put an individual under surveillance. We don't have mass permission, and our law makes it impossible for that kind of mass permission to exist."

He said he was aware that "criminals and terrorists" relied on this kind of [technology], and that their actions demanded a response from the security services. "We have to use technical means to respond to their crimes, including those of a terrorist nature, we do have some efforts like that. We don't have a mass control. I hope we [w]on't do that," he said.
It's really hard to know why Snowden asked this question. Perhaps he wanted to emphasize the disproportionate nature of NSA spying by contrasting it with Russia's approach; perhaps he thought his appearance would jolt a jaded public and focus renewed attention on the key issues. But surely he must have guessed that Putin would answer as he did -- whether or not it is true -- that Russia uses surveillance strictly according to the law, that there is no massive, disproportionate spying of the kind practiced by the NSA, etc. etc. He must have known that Putin would easily turn Snowden's question into a wonderful opportunity to score points against the US.

Inevitably, then, this appearance will be leapt on by those who have maintained that Snowden is some kind of Russian spy, and that he has been working for Putin all along. As Techdirt has noted, that story doesn't stand up, but this unexpected intervention by Snowden certainly doesn't do anything to dispel it. For someone who until now has judged when and how to make public statements so skilfully and effectively, this seems like an incredible misstep. It really makes you wonder what might lie behind it.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

45 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2014 @ 12:08am

How Corporate Sovereignty Threatens Democracy

from the at-most dept

As people have begun to learn about corporate sovereignty through plans to include it in TAFTA/TTIP, the European Commission has been trying to scotch the idea that it might allow corporations to dictate policies to nations. Here, for example, is a comment in the Commission's main TTIP FAQ, which tries to answer the question "Why is the EU including Investor to State Dispute Settlement in the TTIP?":

Including measures to protect investors does not prevent governments from passing laws, nor does it lead to laws being repealed. At most, it can lead to compensation being paid.
Those are all true statements in theory, but that's probably not much comfort to Romania, which has been discovering the harsh reality in the long-running discussions over whether to allow a Canadian company to create a huge open-cast gold and silver mine in the country. Here's what happened last year:
Gabriel Resources Ltd. (GBU), backed by billionaire hedge-fund manager John Paulson, threatened to seek as much as $4 billion of damages should Romanian lawmakers vote to oppose its gold mine project in the country.

"We have a very, very robust case, and we believe we have claims up to $4 billion that we can send to the Romanian state," Gabriel Resources Chief Executive Officer Jonathan Henry said today in a telephone interview. "We will go ahead and do that if the vote is against."
As the European Commission notes, the existence of a bilateral investment treaty with Canada that includes a dispute settlement mechanism did not, in itself, stop the Romanian politicians from blocking the gold mine project in the parliamentary vote, which took place in December 2013. So everything's fine, right? Democracy prevailed, and the people were heard. After all, "at most", as the FAQ helpfully reminds us, Romania will have to pay $4 billion damages at some point.

Except that, for a country with a GDP of less than $200 billion in 2013, this represents 2% of the country's entire economic production. That seems an incredibly high price to pay for the exercise of basic democracy. The danger is that faced with the threat of such enormous fines, other parliaments will lack the courage shown by Romanian's politicians, and choose to ignore the will of their people by meekly acquiescing to corporate demands.

Does GBU deserve some compensation if a project is cancelled by the local government because of widespread public concerns about its safety? Perhaps -- although business always involves some risk, and foreign investment is no different. If a company is really worried about that aspect, it can take out insurance -- from the World Bank, for example. Does GBU deserve to be awarded 2% of a country's GDP, paid for by the citizens of a land struggling to raise its living standards? That hardly seems fair. And yet it's precisely what ISDS could allow, because the arbitration panel that decides such corporate sovereignty cases is unconstrained in what it can award, and not at all concerned with what the knock-on effects might be.

But the politicians making up the European Commission should be, since they are supposed to represent the 500 million European citizens that pay their salaries. The fact that they are pushing as hard as they can for ISDS in TAFTA/TTIP shows which side they are really on, and that they are quite happy to put corporations before nations, and profits before people.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

33 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2014 @ 12:11am

First Phase Of Security Audit Finds Vulnerabilities But No Backdoors In TrueCrypt Encryption Software

from the more-work-needed,-and-more-donations dept

In the wake of the serious Heartbleed flaw in OpenSSL, more people are becoming aware of how widely used and important open source encryption tools are, and how their security is too often taken for granted. Some people were already worrying about this back in September last year, when we learned that the NSA had intentionally undermined encryption by weakening standards and introducing backdoors. As Techdirt reported, that led to a call for a security audit of TrueCrypt, a very popular open source disk encryption tool. Fortunately, the Open Crypto Audit Project raised a goodly sum of money through FundFill and IndieGogo, which allowed the first phase of the audit to be funded. Here's what's now been done (pdf):

The Open Crypto Audit Project engaged iSEC Partners to review select parts of the TrueCrypt 7.1a disk encryption software. This included reviewing the bootloader and Windows kernel driver for any system backdoors as well as any other security related issues.
The good news:
iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.
However, it did still find vulnerabilities in the code it examined:
the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth).

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.
Because of that, among the recommendations that iSEC made was the following:
Improve code quality. Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct. It also makes the learning curve steeper for those who wish to join the TrueCrypt project.
That's an important point, and probably something that other open source projects might take to heart, too. Some have called into question whether Linus's Law -- that "all bugs are shallow, given enough eyeballs" -- is really true for free software (although Eric Raymond, author of "The Cathedral and the Bazaar", has offered a robust defense of that claim.) One reason why those eyeballs may not be finding the bugs is that the code, though open, is unnecessarily hard to read.

The fact that vulnerabilities were found -- even if "all appear to be unintentional, introduced as the result of bugs rather than malice" as iSEC puts it -- is another reason why the second phase of the audit, which will look at the details of how the cryptographic functions have been implemented, is necessary. The discovery of "issues" in TrueCrypt's code also underlines why similar audits need to be conducted for all important open source security programs: if there are vulnerabilities in TrueCrypt, there are likely to be more elsewhere, perhaps much more serious. Finding them is largely a question of money, which is why companies currently free-riding on free software -- perfectly legally -- should start seriously thinking about making some voluntary contributions to help audit and improve them to prevent another Heartbleed.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 10 April 2014 @ 2:03pm

Dutch Immediately Ban Unauthorized Downloads After EU Court Of Justice Confirms Incompatibility With Copyright Law

from the that-was-quick dept

The Court of Justice of the European Union is pretty busy these days. Earlier this week it released its important judgment striking down the EU's Data Retention Directive; now it has given its verdict on a complicated Dutch case involving the home-copying exception of European copyright legislation, and the associated use of copyright levies on blank media. As we reported back in January, the preliminary opinion of the EU's Advocate General was that the Dutch government should not allow unauthorized downloads of copyright material, as is currently the case, and that copyright levy calculations should not take such unauthorized downloads into account. Unlike the Data Retention verdict, where the EU's Court of Justice (ECJ) went well beyond what the Advocate General suggested, here the ECJ has largely followed his advice (pdf):

the Court holds that national legislation which makes no distinction between private copies made from lawful sources and those made from counterfeited or pirated sources cannot be tolerated.
In addition, it held that a copyright levy system that does not distinguish between authorized and unauthorized copies is not fair:
Under such a system, the harm caused, and therefore the amount of the fair compensation payable to the recipients, is calculated, according to the Court, on the basis of the criterion of the harm caused to authors both by private reproductions which are made from a lawful source and by reproductions made from an unlawful source. The sum thus calculated is then, ultimately, passed on in the price paid by users of protected subject-matter at the time when equipment, devices and media which make it possible to create private copies are made available to them. Thus, all users are indirectly penalised since they necessarily contribute towards the compensation payable for the harm caused by private reproductions made from an unlawful source. Users consequently find themselves required to bear an additional, non-negligible cost in order to be able to make private copies.
This ruling has already had one immediate effect, as TorrentFreak reports:
The Dutch Government confirmed to [the Dutch Website] Tweakers that downloading copyrighted material for personal use is no longer allowed, effective immediately.
Unauthorized downloading for personal use was permitted in the Netherlands because the government there believed that EU copyright law allowed it. The ECJ's ruling establishes definitively that it doesn't, and so the downloading exemption no longer applies.

The longer-term effect on EU copyright levies is harder to predict. The Court's verdict means that countries may no longer take unauthorized copies into account when calculating how much to add to the cost of storage. It will be interesting to see whether they reduce the copyright levy as a result, as they should if they implemented the new ruling faithfully. However, given the general lack of logic or fairness behind copyright levies, that seems unlikely. The best response would be to drop the anachronistic copyright levies altogether, and for the copyright industries to launch more online services offering lots of material at fair prices to encourage users to switch from unauthorized to authorized downloads, as has happened elsewhere.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 10 April 2014 @ 12:12am

USTR Warns That EU-Only Cloud To Avoid NSA Surveillance May Violate Trade Agreements

from the unwise dept

The USTR seems to have a worrying need to blame other countries. Alongside the infamous Special 301 Report which puts a selection of nations on the naughty step because of their failure to bend to the will of the US copyright industries, there's the less well-known Section 1377 Review , which considers "Compliance with Telecommunications Trade Agreements." Here's some information about the latest one (pdf):

The Section 1377 Review ("Review") is based on public comments filed by interested parties and information developed from ongoing contact with industry, private sector, and foreign government representatives in various countries. This year USTR received four comments and two reply comments from the private sector, and one comment from a foreign government.
Clearly something of a specialist area, then. One of those comments comes from the United States Council for International Business, which describes itself as "among the premier pro-trade, pro-market liberalization organizations." A concern it raises is the following:
The ability to send, access and manage data remotely across borders is integral to global services, including converged and hybrid services such as cloud services. However, the tremendous increase in cross-border data flows has raised concerns on the part of many governments. Given that cross-border services trade is, at its essence, the exchange of data, unnecessary restrictions on data flows have the effect of creating barriers to trade in services.
That seems to be reflected in the following section of the USTR's review:
Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a "Schengen cloud" by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them.
In particular:
Deutsche Telekom AG (DTAG), Germany's biggest phone company, is publicly advocating for EU-wide statutory requirements that electronic transmissions between EU residents stay within the territory of the EU, in the name of stronger privacy protection. Specifically, DTAG has called for statutory requirements that all data generated within the EU not be unnecessarily routed outside of the EU; and has called for revocation of the U.S.-EU "Safe Harbor" Framework, which has provided a practical mechanism for both U.S companies and their business partners in Europe to export data to the United States, while adhering to EU privacy requirements.
Of course, Deutsche Telekom is not the only one calling for Safe Harbor to be revoked: the European Parliament's inquiry into the mass surveillance of EU citizens has also proposed that, along with a complete rejection of TAFTA/TTIP unless it respects the rights of Europeans. Strangely, the USTR doesn't mention that fact in its complaint, but goes on to say:
The United States and the EU share common interests in protecting their citizens' privacy, but the draconian approach proposed by DTAG and others appears to be a means of providing protectionist advantage to EU-based ICT suppliers.
You've got to love the idea that too much privacy protection is "draconian". The USTR continues to tiptoe around the real reason that not just Deutsche Telekom but even Germany's Chancellor, Angela Merkel, are both keen on the idea of an EU-only cloud:
Given the breath of legitimate services that rely on geographically-dispersed data processing and storage, a requirement to route all traffic involving EU consumers within Europe, would decrease efficiency and stifle innovation. For example, a supplier may transmit, store, and process its data outside the EU more efficiently, depending on the location of its data centers. An innovative supplier from outside of Europe may refrain from offering its services in the EU because it may find EU-based storage and processing requirements infeasible for nascent services launched from outside of Europe.
The USTR saves what it obviously sees as its killer punch for last:
Furthermore, any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services. Accordingly, USTR will be carefully monitoring the development of any such proposals.
Got that, Europeans? If you dare to try to protect yourselves by creating a slightly more secure EU-only cloud in response to the NSA breaking into everything and anything, you may find yourself referred to the World Trade Organization or something....

It's interesting that the USTR brings up this issue -- doubtless a reflection of the huge direct losses that revelations about massive surveillance on Europeans and others are likely to cause the US computing industry. But trying to paint itself as the wronged party here is not going to endear the USTR to European politicians. At a time when Safe Harbor and even the TAFTA/TTIP negotiations are being called into question in the EU, such an aggressive and insulting stance seems a very stupid move.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

60 Comments | Leave a Comment..

Posted on Techdirt - 8 April 2014 @ 11:06am

EU Data Retention Requirements Ruled 'Invalid' By EU Court Of Justice

from the no-more-"because-terrorism" dept

Back in December, we reported on a slightly mixed ruling from the EU Court Of Justice's Advocate General regarding the 2006 Data Retention Directive, which obliges European telecom companies to retain metadata about their customers. Although the Advocate found the Directive incompatible with fundamental European rights, he proposed merely suspending it until it was fixed. His opinion was not binding on Europe's highest court, but was generally regarded as indicative of the final verdict.

Today, the EU Court Of Justice (ECJ) handed down its judgment. As expected, it does follow the same general lines as the Advocate's view, but in a surprising and welcome turn of events, it goes far beyond it in the harshness of its condemnation and finality of its ban (pdf)

The Court of Justice declares the Data Retention Directive to be invalid

It entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary.
The ECJ clarified what exactly it meant when it declared the Directive "invalid":
Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the directive entered into force.
In other words, it is not just invalid from today's judgment, it was invalid from the moment it came into existence -- a pretty stunning slap down. The Court has no hesitation in declaring that blanket data retention interferes with fundamental rights (the emphasis below is in the original):
The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance.
Equally, the Court does recognize that there are valid circumstances for retaining such personal data:
the retention of data for the purpose of their possible transmission to the competent national authorities genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.
The key issue -- one that Techdirt has emphasized many times -- is proportionality, and here the ECJ has no doubts:
the Court is of the opinion that, by adopting the Data Retention Directive, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality.
The Court goes on to list three specific ways in which the Data Retention Directive fails the test of proportionality. First, it notes that the Directive specifies that all data must be retained, without any kind of "differentiation, limitation or exception being made in the light of the objective of fighting against serious crime." That is, the "collect it all mentality" that has infected security services is inherently disproportionate and thus unacceptable.

The Court then notes that there are no objective criteria that can be used to assess whether the police or other authorities are allowed to access that data: again, pretty much anything goes with the current Directive. In addition:

the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them. In particular, the access to the data is not made dependent on the prior review by a court or by an independent administrative body.
It's perhaps not surprising to see Europe's highest court insisting that national authorities need to ask a judge for permission to access highly personal data, but it's a hugely important reminder of the need to do so against a background where governments seem to regard such formalities as optional and dispensable.

Finally, the ECJ points out that there are no objective criteria for setting the Directive data retention period as between six and 24 months, and that no distinctions are made based on the kind of data stored, and about whom. It also notes that the Directive does not address the important issues of abuses or unlawful access, that nothing is said about how data should be destroyed at the end of the retention period, and there is no requirement for data to be retained within the EU at all times.

As with the Advocate's opinion, the ECJ's judgment offers implicit guidance on how the major flaws in the Data Retention Directive might be addressed -- with the important difference that the Court has imposed far more stringent conditions that will require those drafting any new Directive to be much more cautious in the requirements they lay down. Even if that's possible, the end result is likely to be a far meeker version of the current Directive.

It's also not yet clear what the status of existing national legislation implementing the Directive is now. These laws were passed by the EU member states in order to comply with the Directive; now that the Directive is invalid, it presumably means that they, too, are invalid. Will they be repealed by governments, or will they continue until challenged in national courts? Those are questions that politicians and lawyers around Europe will doubtless be discussing with some urgency. Here's what the European Commission claims:

National legislation needs to be amended only with regard to aspects that become contrary to EU law after a judgment by the European Court of Justice. Furthermore, a finding of invalidity of the Directive does not cancel the ability for Member States under the e-Privacy Directive (2002/58/EC) to oblige retention of data.
One thing is for certain: the large-scale and disproportionate surveillance activities carried out by the NSA and GCHQ within Europe, which bear many similarities to those authorized under the Data Retention Directive, cannot now be justified by invoking "national security". Today's ruling by the EU Court of Justice means that "because terrorism" is no longer a trump card that can be used in Europe to justify anything and everything.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

26 Comments | Leave a Comment..

Posted on Techdirt - 7 April 2014 @ 5:00am

Net Censors Arrested In China For Taking Bribes To Delete Unflattering Posts As Well As The 'Harmful' Ones

from the gaming-the-system dept

Techdirt has run a number of stories about China's increasingly pervasive Net censorship, which operates both domestically and further afield. According to this story in Index on Censorship, China seems to think its system still needs bolstering:

The Chinese government has revealed it is expanding their censorship of the internet with a new training programme for the estimated two million "opinion monitors" Beijing organised last year.


Once trained, monitors will "supervise" the posting of social media messages, deleting those that are deemed harmful. Beijing claims to have deployed "advanced filtering technology" to identify problematic posts, and will need to "rapidly filter out false, harmful, incorrect, or even reactionary information," according to Xinhua.

Internet monitoring in China is an intensive process. Censored search terms are often placed on the list and then removed as a situation develops.
That fluid situation and the huge numbers of people involved mean that it's hard to monitor the monitors -- generally a problem with censorship. So it was probably inevitable that some Net censors would start taking advantage of their power to earn a little extra money:
Beijing police have detained at least 10 people, including employees at Baidu, the leading Chinese-language Internet search provider, over allegations of abusing their positions to delete online posts in return for money, the Beijing News reports.
The idea was simple, as the China News post quoted above explains:
staff searched for unfavorable posts about enterprises and government departments, then charged hundreds of yuan to delete the posts.


The posts covered a wide range of issues, including forced demolitions, pollution problems, extramarital affairs and bribery by officials, as well as product quality and companies in financial crises
Combined with the millions who will be censoring a changing list of forbidden topics, this will make it even harder for Chinese citizens to find out what's going on from the mainstream Internet sites. That might encourage users to explore less well-known services in an effort to avoid such massive censorship, causing the Chinese authorities to recruit even more "opinion monitors."

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 3 April 2014 @ 5:29am

Microsoft-Sponsored Study Says Problems Caused By Using Windows Software Will Cost Businesses $500 Billion In 2014

from the awkward dept

The copyright industries' obsession with trying to shoot down piracy at all costs can sometimes cause them to end up shooting themselves in the foot. Here, for example, is a great example from Microsoft, which has recently been fulminating against the dangers of software piracy:

A new study released Tuesday reaffirms what we in Microsoft’s Digital Crimes Unit have seen for some time now -- cybercrime is a booming business for organized crime groups all over the world. The study, conducted by IDC and the National University of Singapore (NUS), reveals that businesses worldwide will spend nearly $500 billion in 2014 to deal with the problems caused by malware on pirated software. Individual consumers, meanwhile, are expected to spend $25 billion and waste 1.2 billion hours this year because of security threats and costly computer fixes.
The study fills out the picture with some details of the methodology (pdf):
In 2013 IDC tested pirated software from more than 550 Web and P2P sites or CDs bought in street markets to determine the prevalence of malware in pirated software. In January and February of 2014, the Department of Electrical and Computer Engineering at National University of Singapore conducted a forensic analysis of 203 PCs that were purchased from PC resellers, specialty shops, and PC markets in typical buying situations in 11 countries. Together, this research found the chances of encountering malware in a pirated copy of software is one in three. The chance of encountering malware in a PC purchased with pirated software is more than 60%.
Although the report doesn't say so explicitly, we are clearly dealing with Windows systems here -- computers are referred to throughout as "PCs," never as Macs, and some of the malware is named as "Win32/Enosch.A, Win32/Sality.AT, Win32/Pramro.F," which attack Windows systems exclusively. We can also be pretty sure that none of the infected programs was open source. Why? Because pirating software that is already freely available makes no sense -- and is certainly unlikely to be as profitable as offering black market versions of costly closed-source programs.

Putting this information together -- in order to "Get The Facts" as Microsoft always liked to say -- we arrive at the interesting conclusion that the use of commercial closed-source programs running on Microsoft Windows will cost businesses around $500 billion in 2014 alone because of the wasted time, lost data and reputational damage that will result from associated malware infections.

Assuming the research results are representative of what's happening -- and there's no reason to suppose they aren't -- the obvious conclusion to draw from them for PC users is not just to stop using pirated software (a good idea), but to stop using Windows-based programs too, and to switch to open source applications running on an open source operating system like GNU/Linux. After all, free software is even cheaper than pirated software, and yet rarely has any of the problems identified in the new report.

That's a really useful message for those facing the unwelcome prospect of paying their share of $500 billion to deal with the multiple problems associated with the Windows platform, but probably not the one Microsoft had in mind when it sponsored the research.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

112 Comments | Leave a Comment..

Posted on Techdirt - 2 April 2014 @ 8:17pm

Towards The Total Surveillance State: Ethiopia

from the they-know-everything-we-do dept

One of the most disturbing aspects of Edward Snowden's leaks is that they reveal the total surveillance state, where the authorities monitor everything, and know everything, is no mere abstraction. Where before such a vision was the domain of tinfoil-wearing, conspiracy theorists, today it is only a couple of "hops" from reality. Given that the enabling technology is available, you might have expected there would already be a few nations that have moved close to the total surveillance state; but you might be surprised to learn that one of them is Ethiopia. A new and chilling report published recently by Human Rights Watch, entitled "They Know Everything We Do: Telecom and Internet Surveillance in Ethiopia," explores the evidence in detail (pdf):

The Ethiopian government has maintained strict control over Internet and mobile technologies so it can monitor their use and limit the type of information that is being communicated and accessed. Unlike most other African countries, Ethiopia has a complete monopoly over its rapidly growing telecommunications sector through the state-owned operator, Ethio Telecom. This monopoly ensures that Ethiopia can effectively limit access to information and curtail freedoms of expression and association without any oversight since independent legislative or judicial mechanisms that would ensure that surveillance capabilities are not misused do not exist in Ethiopia.
Here's what that means in practice:
Websites of opposition parties, independent media sites, blogs, and several international media outlets are routinely blocked by government censors. Radio and television stations are routinely jammed. Bloggers and Facebook users face harassment and the threat of arrest should they refuse to tone down their online writings. The message is simple: self-censor to limit criticism of the government or you will be censored and subject to arrest.
Self-censorship is a real threat in countries with widespread surveillance -- even in those not as far down the path as Ethiopia. Indeed, self-censorship is probably one of the first negative consequences of any increasingly-pervasive surveillance regime.
Information gleaned from telecom and Internet sources is regularly used against Ethiopians arrested for alleged anti-government activities. During interrogations, police show suspects lists of phone calls and are questioned about the identity of callers, particularly foreign callers.
That shows concretely how "mere" metadata can be used against people, and why gathering it is so worrying. But the Ethiopian government does not limit itself to gathering information from existing sources:
Some high-profile Ethiopians in the diaspora have been targeted with highly advanced surveillance tools designed to covertly monitor online activity and steal passwords and files.
It does this thanks to technology acquired from the West -- the report mentions Gamma/FinFisher and Hacking Team, both European companies. Human Rights Watch concludes its summary as follows:
Ethiopia should not only ensure that an appropriate legal framework is in place to protect and respect privacy rights entrenched in international law, but also that this legal framework is applied in practice. Companies that provide surveillance technology, software, or services should adopt policies to ensure these products are being used for legitimate law enforcement purposes and not to repress opposition parties, journalists, bloggers, and others.
Sadly, neither of those seems very likely to happen, as total surveillance continues to spread around the world, passing from a vague dystopian fear into a mundane fact of life.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

12 Comments | Leave a Comment..

Posted on Techdirt - 2 April 2014 @ 12:02am

EU Commission's Consultation On Corporate Sovereignty Ignores Key Issue, But Shows That Real Transparency Is Possible

from the close,-but-not-close-enough dept

One of the most dramatic developments in the negotiations for TAFTA/TTIP was the announcement that the European Commission would be holding a consultation on the corporate sovereignty chapter. That was a result of the growing concerns about placing corporations on the same level as nations, and allowing the former to sue the latter for alleged loss of future profits caused by policy changes, for example. Here's what the European Commission has to say on the consultation's home page:

The European Commission is consulting the public in the EU on a possible approach to investment protection and ISDS in the TTIP. The proposed approach contains a series of innovative elements that the EU proposes using as the basis for the TTIP negotiations. The key issue on which we are consulting is whether the EU's proposed approach for TTIP achieves the right balance between protecting investors and safeguarding the EU's right and ability to regulate in the public interest.
It's deeply troubling to see the European Commission admitting that it will trade off the EU's right and ability to regulate in the public interest in order to protect investors, when the former should always be paramount.

The good news is that anyone can submit their comments, and that they have until June 21 to do so; the bad news is that the consultation is purely about the "modalities for investment protection and ISDS in TTIP" -- not about whether it should be present at all. That's particularly surprising given that most of the document is a litany of ISDS's problems (pdf): lack of clarity, uncertainty, opacity, inconsistency, capricious decisions, biased arbitrators, conflicts of interest, frivolous claims, no possibility for appeals -- the list goes on and on. Even though the consultation seeks input on solving these many and serious problems, the overriding impression is that ISDS is a dangerous and irremediable mess.

However, the consultation document does bring one unexpected bonus: official versions of the equivalent sections of the Canada-EU trade agreement (CETA). The Introduction to the consultation explains why:

Each issue is illustrated using reference texts as examples, taken from other investment agreements and from the approach developed in the EU - Canada (CETA) negotiations, which is the most recent text negotiated by the EU.
The implication is that CETA represents the latest thinking of the European Commission on the subject of corporate sovereignty, and that it will form the basis for its approach in TAFTA/TTIP. But there's a big problem with that. As we reported a few weeks ago, the ISDS chapter in CETA is riddled with problems, some extremely serious.

Of course, the European Commission will probably reply that the consultation is designed to rectify problems that people find. Although that's a fair point, it misses a larger one: that you don't bother fixing problems in something you don't need, and the European Commission has failed to make the case that corporate sovereignty is necessary. It's not needed because both sides have extremely well-established and effective legal systems. And it's not needed because even in its absence, transatlantic investment is already taking place on a massive scale -- as the Commission's own page on trade between the US and EU makes clear:

Total US investment in the EU is three times higher than in all of Asia.

EU investment in the US is around eight times the amount of EU investment in India and China together.

EU and US investments are the real driver of the transatlantic relationship, contributing to growth and jobs on both sides of the Atlantic. It is estimated that a third of the trade across the Atlantic actually consists of intra-company transfers.
Specifically, the US has invested 1.344 trillion euros in Europe, while EU companies have invested 1.421 trillion euros in the US. ISDS is not necessary, because there is simply no problem that needs solving here.

Since the European Commission's consultation fails to explore the central question, it is largely a waste of time. However, it does have the huge virtue of showing that transparency is possible: despite this unveiling of the EU's strategy in the area of investment, the sky is not falling. It thus makes clear why openness can and should be extended to all of TAFTA/TTIP, with the possible exception of a few areas where specific figures would need to be withheld for negotiating purposes. Ironically, the consultation document even explains why transparency is vital:

Transparency is essential to ensure the legitimacy and accountability of the system. It enables stakeholders interested in a dispute to be informed and contribute to the proceedings. It fosters accountability in arbitrators, as their decisions are open to scrutiny.
Exactly the same could be said about TTIP, which means that the European Commission's proposals to increase transparency for the corporate sovereignty chapter should also be applied to the entire agreement:
The EU will include provisions to guarantee that hearings are open and that all documents are available to the public. In ISDS cases brought under TTIP, all documents will be publicly available (subject only to the protection of confidential information and business secrets) and hearings will be open to the public. Interested parties from civil society will be able to file submissions to make their views and arguments known to the ISDS tribunal.
If transparency is essential to ensure the "legitimacy and accountability" of ISDS, it's even more vital for TAFTA/TTIP. The release of this consultation on corporate sovereignty is a welcome first step, but it is only that: the US and EU must routinely release negotiating documents -- at the very latest, as they are tabled, and ideally, before that. Failure to do so simply undermines TTIP's "legitimacy and accountability" and means that the widespread and growing rejection of ISDS could well spread to the rest of the agreement.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2014 @ 4:08pm

Tone Of Comments Affects Perception Of Online Article's Content

from the who-are-you-calling-names? dept

One of the defining characteristics of online journalism is the possibility for readers to respond immediately, and to debate with each other in the comments -- something that was much harder and slower in pre-digital days. Generally, that has been regarded as welcome, since it means that authors can engage more easily with their readers, and the latter become active participants rather than simply passive recipients.

However, some research in the field of science journalism suggests that there might be a serious downside to this ability of the readers to express their views freely:

about 2,000 people were asked to read a balanced news report about nanotechnology followed by a group of invented comments. All saw the same report but some read a group of comments that were uncivil, including name-calling. Others saw more civil comments.

"Disturbingly, readers' interpretations of potential risks associated with the technology described in the news article differed significantly depending only on the tone of the manipulated reader comments posted with the story," wrote authors Dominique Brossard and Dietram A. Scheufele.

"In other words, just the tone of the comments . . . can significantly alter how audiences think about the technology itself."
Although the research was about science articles, it would be reasonable to assume a similar effect occurs for most kinds of online journalism, with "uncivil" comments leading to skewed perceptions of the matter being discussed. Good thing Techdirt readers never resort to name calling...

Follow me @glynmoody on Twitter or, and on Google+

51 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2014 @ 12:07am

Hundreds Of Thousands Take To The Streets Of Taiwan To Protest Against Trade Agreement's Lack of Scrutiny

from the sound-familiar? dept

One of the key problems with both the Trans-Pacific Partnership (TPP) agreement, and the Transatlantic Trade and Investment Partnership (TTIP), is the lack of scrutiny. Both deals are being negotiated in almost complete secrecy, with very little information being released officially. The justification for this, such as it is, is that the public will have a chance to see the agreements once they are finished, and that this is the appropriate time for transparency. The emptiness of that promise has been shown by the Polish Ministry of Economy's reply to some questions from the Modern Poland Foundation:

all the information the EU member states obtained from the European Commission is classified and it is not possible to pass it on outside the state administration. This also concerns the Foundation's request to access the text of the chapter on IPR and the Polish stance in this matter.

In compliance with the EU practices, the text of the treaty will be made available only in the final stage of the negotiations, after the signing of the document by both parties.
As that makes clear, the public will only get to see TTIP after it has been signed, when it can no longer be changed. The European Commissioners' idea of transparency turns out to be a cruel joke at the expense of the public that pays their not-inconsiderable salaries.

However, TTIP and TPP are not the only trade agreements being negotiated behind closed doors. Another has been concluded between China and Taiwan, with a similar lack of scrutiny. In scenes that recall the demonstrations across Europe when people found that they had no power to change ACTA, hundreds of thousands of demonstrators have taken to the streets of Taiwan's capital city, Taipei:

Large crowds of demonstrators took to the streets of Taipei to protest efforts by the government to approve a trade pact with Beijing and show support for the students who have occupied Taiwan's legislature for nearly two weeks.

Organizers estimated that at least 350,000 people were gathered, as of 2 p.m., on the streets around the Presidential Office Building to express discontent over a pact that would open up dozens of service fields to cross-strait investment. Police counted 116,000 demonstrators by 4 p.m., according to Taiwan's Central News Agency, while some television news stations put the number as high as 700,000.
As the New York Times article quote above explains, a key complaint is the fact that there would be no meaningful scrutiny:
While many demonstrators are opposed to the service trade pact, the most widely held complaint was that the measure has not been sufficiently examined. A poll before the occupation of the legislature indicated that more than 70 percent of respondents supported a line-by-line review of the pact.
That line-by-line review is precisely what granting "fast track authority" to the White House and USTR would make impossible for TPP and TTIP; instead, Congress would have a single "yes" or "no" vote on whether to accept one or both. The ACTA demonstrations in Europe led to the agreement being rejected by the European Parliament two years ago; now it looks like the Taiwanese authorities have also admitted defeat:
On Saturday, [Taiwan's President] Mr. Ma attempted to respond to some of the students' demands, saying he would back an itemized review of the trade pact and a law that would allow the legislature to more closely monitor agreements with Beijing.
In the light of the massive protests that swept through Europe in 2012, and those now filling the streets of Taipei, both of which were triggered by the refusal to allow any meaningful scrutiny of trade agreements that would have major consequences for everyday life, the question has to be: do the USTR and European Commission really want to run the risk of repeating that experience by pushing through TPP and TTIP in exactly the same undemocratic manner?

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

14 Comments | Leave a Comment..

Posted on Techdirt - 31 March 2014 @ 3:33am

USTR Starts To Panic Over Calls To Take Corporate Sovereignty Out Of TAFTA/TTIP

from the is-that-the-best-you've-got? dept

The pressure is really building on the US and EU over the corporate sovereignty provisions in TAFTA/TTIP. As we reported back in January, the European Commission has put on hold the negotiations for the investor-state dispute settlement (ISDS) chapter while it conducts a public consultation on the subject. The USTR seemed to be trying to tough it out, but it has finally cracked and released what it calls "The Facts on Investor-State Dispute Settlement: Safeguarding the Public Interest and Protecting Investors" in an attempt to bolster support for the idea. Its mere existence shows that the USTR is worried about losing the ISDS argument in the court of public opinion, and the answers, many of which are misleading or downright wrong, confirm this. Here's the rationale for releasing the document:

There are a lot of myths out there suggesting that ISDS somehow limits our ability -- or our partners' ability -- to regulate in the interest of financial stability, environmental protection, or public health. Some have even suggested that a company could sue a government just on the grounds that the company isn't earning as much profit as it wants.

These assertions are false.
The USTR gives some context for corporate sovereignty provisions:
Over the last 50 years, nearly 3,200 trade and investment agreements among 180 countries have included investment provisions, and the vast majority of these agreements have included some form of ISDS. The United States entered its first bilateral investment treaty (BIT) in 1982, and is party to 50 agreements currently in force with ISDS provisions.
Although that seeks to give the impression that corporate sovereignty is absolutely standard and nothing to worry about, what it omits to mention is that the vast majority of those 3,200 trade agreements have been one-sided: they have been about rich, Western nations investing in poor developing ones. As such, ISDS has been a means for the former's corporations to bully the latter, who are powerless to object, since they are desperate for foreign investment, and must accept the terms imposed on them.

Contrast this with TAFTA/TTIP. For the first time, a trade agreement between two massive economic powerhouses will involve corporate sovereignty. That means that US corporations will be able to sue the EU and its member states, but also that EU corporations will be able to sue the US. The scale of the threat is unprecedented: there are 75,000 cross-registered companies with subsidiaries in both the EU and the US that could launch ISDS attacks under TTIP. This is totally unlike any of those 3,200 trade agreements the USTR mentions.

There then follow the eight "facts you should know about ISDS provisions under U.S. trade agreements". According to the USTR these:
1. Provide basic legal protections for American companies abroad that are based on the same assurances the United States provides at home.

Investment protections are intended to prevent discrimination, repudiation of contracts, and expropriation of property without due process of law and appropriate compensation. These are the same kinds of protections that are included in U.S. law. But not all governments protect basic rights at the same level as the United States. Investment protections are intended to address that fact.
So by its insistence on ISDS in TAFTA/TTIP, is the US saying that the EU does not offer "the same kinds of protections that are included in U.S. law"? Seriously?
2. Protect the right of governments to regulate in the public interest.

The United States wouldn't negotiate away its right to regulate in the best interest of its citizens, and we don’t ask other countries to do so either. Our investment rules preserve the right to regulate to protect public health and safety, the financial sector, the environment, and any other area where governments seek to regulate. U.S. trade agreements do not require countries to lower their levels of regulation.
Well, some people might beg to differ on the first claim there, but leaving that aside, the second claim is easily refuted. As Techdirt reported in October last year, the provincial government of Quebec in Canada is being sued over a moratorium on fracking it brought in to allow time for scientific studies of the potential impact. That was under the North American Free Trade Agreement (NAFTA), which includes ISDS, and is a clear case of environmental protection being threatened by corporate sovereignty.
3. Do not impinge on the ability of federal, state, and local governments to maintain (or adopt) any measure that they deem necessary.

Under our investment provisions, no government can be compelled to change its laws or regulations, even in cases where a private party has a legitimate claim that its basic rights are being violated and it is entitled to compensation.
Although that's true, it misses the point, which is that the mere threat of being sued under ISDS causes governments to drop legislation before it is even introduced. Here, for example, is what happened in Canada under NAFTA in this regard:
Carla Hills, the US Trade Representative who oversaw the NAFTA negotiations for Bush I and now heads her own trade-consulting firm, was among the very first to play this game of bump-and-run intimidation. Her corporate clients include big tobacco--R.J. Reynolds and Philip Morris. Sixteen months after leaving office, Hills dispatched Julius Katz, her former chief deputy at USTR, to warn Ottawa to back off its proposed law to require plain packaging for cigarettes. If it didn't, Katz said, Canada would have to compensate his clients under NAFTA and the new legal doctrine he and Hills had helped create [ISDS]. "No US multinational tobacco manufacturer or its lobbyists are going to dictate health policy in this country," the Canadian health minister vowed. Canada backed off, nevertheless.

A former government official in Ottawa told me: "I've seen the letters from the New York and DC law firms coming up to the Canadian government on virtually every new environmental regulation and proposition in the last five years. They involved dry-cleaning chemicals, pharmaceuticals, pesticides, patent law. Virtually all of the new initiatives were targeted and most of them never saw the light of day."
The "facts" continue:
4. Do not expose state or local governments to new liabilities.

Under our Constitution and laws, investors frequently exercise their rights in U.S. courts. For example, in recent years, the U.S. government has defended hundreds of cases in U.S. courts under the Constitution's "takings clause," which requires compensation for expropriations. State and local governments have likewise defended many such claims. By contrast, the United States has only been sued 17 times under any U.S. investment agreement and has never once lost a case.
As well as confirming that ISDS tribunals are quite unnecessary, since US courts can be used instead, this overlooks the fact that the US has never had ISDS clauses in agreements with nations where large numbers of well-resourced corporations were able to take advantage of them. The EU has thousands of companies who can -- and will -- sue once they get the opportunity.
5. Provide no legal basis to challenge laws just because they hurt a company' profits.

Our investment rules do not in any way guarantee a firm’s rights to any profits or to its projected financial outcomes.
A year ago, we wrote about Eli Lilly suing Canada under NAFTA for "indirect expropriation" of future profits. That case hasn't been adjudicated yet, but obviously some company lawyers think NAFTA does indeed allow challenges just because projected financial outcomes suffer.
6. Include strong safeguards to deter frivolous challenges to legitimate public interest measures.

The United States has proposed additional safeguards that include stricter definitions than are in most investment agreements of what is required for successful claims, as well as mechanisms for expedited review and dismissal of frivolous claims, payment of attorneys' fees, consolidation of duplicative cases, and transparency.
If the US thinks its ideas are so good, it should publish them. After all, there's nothing confidential there -- what possible reason is there to discuss them behind closed doors?
7. Ensure fair, unbiased, and transparent legal processes.

The United States is committed to ensuring the highest levels of transparency in all investor-state proceedings.


8. Ensure independent and impartial arbitration.

Investor-state arbitration is designed to provide a fair, neutral platform to resolve disputes.
These are more aspirations than "facts" The reality is very different, as is evident from the official United Nations Conference on Trade And Development (UNCTAD) report on the reforming corporate sovereignty chapters, published in June last year (pdf), which contradicts the USTR's assertions that everything is just fine by noting:
Concerns with the current ISDS system relate, among others things, to a perceived deficit of legitimacy and transparency; contradictions between arbitral awards; difficulties in correcting erroneous arbitral decisions; questions about the independence and impartiality of arbitrators, and concerns relating to the costs and time of arbitral procedures.
As the above indicates, the USTR's defense of corporate sovereignty is weak in the extreme. If these "facts" are the best it has got, it's easy to see why ISDS is in such trouble and likely to be dropped from TAFTA/TTIP.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

37 Comments | Leave a Comment..

Posted on Techdirt - 28 March 2014 @ 12:01am

Latin American Revolution: Chile's New Government Wants To Open Up TPP

from the el-pueblo-unido dept

Last year, the US government was adamant that TPP would be finished by the end of 2013. And yet here we are, well into 2014, with no sign that things are anywhere near completion. That slippage is more than just embarrassing: it could have major implications for the treaty. TPP has dragged on for so long there's a new President in Chile, Michelle Bachelet, and she's more doubtful than her predecessor about the value of TPP to her country and its people.

Those doubts are starting to make themselves felt. In a recent speech (original in Spanish), Bachelet said that she wanted Chile to regain its role as a promoter of Latin American integration. That would represent a turning away from TPP, which is based on the Pacific Rim, and only includes two three other countries from Latin America -- Mexico, Colombia and Peru. In an interview with El Mercurio, Bachelet's new Minister for External Relations, Heraldo Muñoz, echoed this policy shift by emphasizing the importance of improving his country's relations with Brazil and Argentina. He also revealed some of Chile's new thinking on TPP (original in Spanish):

"In my meeting with [USTR] Michael Froman, I expressed Chile's position, which is to examine the content of the [TPP] negotiations with care, and to act transparently. We are going to consult with businesses, with civil society, so that these aren't closed negotiations. In addition, I said to Froman that Chile has sensitive areas where we are not prepared to go beyond the FTA [free trade agreement] with the US. There are areas such as intellectual property, the regulation of state-owned companies, or the Central Bank, which are red lines for us."
The theme of transparency was picked up in another interview, this time with the new director of Chile's Department of International Economic Relations, Andrés Rebolledo, which appeared in La Segunda (original in Spanish):
"We received some criticism (for how the [TPP] negotiations were conducted previously) and it appeared to us that there's an important opening for creating greater transparency with the various stakeholders who are involved and who are interested in the negotiations."
Rebolledo aims to do this by creating a new advisory group, which will include not just business interests, but also NGOs and other civil society groups:
We will establish a dialog with them and we are going to hand over elements of the negotiations -- those which are on the table, and of interest.

For us, as the government, it's beneficial from the perspective that we will obtain inputs that will help us better conduct the negotiations.
For TPP, whose negotiations have been some of the most secretive ever, with almost no real transparency, the plans of Chile's new President are not just a breath of fresh air, they are little short of revolutionary.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2014 @ 10:03am

German Court Says Creative Commons 'Non-Commercial' Licenses Must Be Purely For Personal Use

from the YMMV dept

Creative Commons licenses have been hugely successful in allowing people to share their creations in ways otherwise impossible using traditional copyright monopolies. But one problem remains unresolved: what exactly does the "non-commercial" license allow you to do? This lack of clarity has led various people to advocate avoiding the use of CC-NC. Back in 2012, Techdirt reported on a call to drop completely both the non-commercial and the no-derivatives licenses. In the same year, a group of German copyright experts released in collaboration with Wikimedia a document entitled "Consequences, Risks, and side-effects of the license module Non-Commercial -- NC", which was made available in an English translation the following year (PDF).

Now a German court has weighed in on the subject, with interesting results (original in German.) The case concerned the use of a photo from Flickr, released under a CC-BY-NC license. The photo appeared on the Web site of Deutschlandradio, part of the German public broadcaster -- a non-commercial organization, that is. Alongside the photo, Deutschlandradio's Web site included the name of the artist, the license, and a link to its terms. Despite this, the photographer demanded 310 Euros plus costs on the grounds that Deutschlandradio had used the photo for commercial purposes.

The public broadcaster pointed out that there was no charge for its Web site, there was no advertising, and no sponsorship. Nonetheless, the judge agreed it should be treated as a commercial use. In coming to this view, the judge drew on German law, which defined "non-commercial" as purely for personal use, and excluded all commercial use in the "generally accepted sense", and that apparently included radio stations, irrespective of how they were funded.

As this underlines, quite what "non-commercial" means is likely to vary from country to country, and possibly even judge to judge. Yet another reason to avoid using CC-BY-NC altogether.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

36 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2014 @ 12:07am

Brazil's 'Marco Civil' Internet Civil Rights Law Finally Passes, With Key Protections Largely Intact

from the leading-the-world dept

We first wrote about Brazil's 'Marco Civil' back in October 2011, when we described it as a kind of "anti-ACTA". That's because it was designed to protect online rights, not diminish them, and was the product of a democratic and transparent process, not of secret corporate lobbying. As Global Voices explains:

the bill was developed through a uniquely open public process. Over the course of several months in 2009 and 2010, citizens were invited to contribute suggestions and criticism to an early draft of the bill using an open online platform. Nearly 2,000 people participated in the process -- the bill was substantially revised and re-shaped to reflect public concern. As one popular meme (below) put it, the Marco Civil "does not belong to a [political] party. It belongs to Brazilians."
Precisely because it was not yet another corporate wishlist, but sought to enshrine fundamental user rights, it was fiercely attacked by an array of industries. In November 2012, it looked like Marco Civil had been killed off by the lobbyists, but in 2013 it showed signs of life again. Now comes the good news that it has finally passed a key vote in Brazil’s Chamber of Deputies; significantly, digital activism once more played a crucial role:
#EuQueroMarcoCivil – "I want Marco Civil." It was with this hashtag that Brazilians and supporters around the world pushed mightily yesterday for the passage of the Marco Civil da Internet, the unprecedented "Constitution" or "Bill of Rights for the Internet" that has been brought to Brazil's Chamber of Deputies nine times since 2012. Late in evening, the Chamber approved the one-of-kind bill that ensures fundamental rights of free expression and privacy online.

Throughout the day, Twitter users touted the bill's many safeguards for fundamental user rights to free expression, privacy, and access to information using the #MarcoCivil and #EuQueroMarcoCivil hashtags. In Brasilia, the nation's capital, supporters voiced their support using signs, t-shirts, and other creative methods.
As an article on notes, although not perfect, it's a great result:
Considering how terrible some of the proposed amendments to Marco Civil were, the approved text is largely positive. It is definitely not the ideal version of law. But it is a much better one than expected, and probably the best possible outcome given the existing political limitations.
Here's's summary of the Marco Civil's main features:
Data retention

Brazil was dangerously close to establishing a period of 5 years of mandatory data retention before discussions on Marco Civil began. Unfortunately, the bill still has provisions to that effect, but the period is much shorter for ISPs providing connectivity services (1 year).


Net neutrality Brazil has taken a major step forward in preserving net neutrality, following the example set by countries such as Chile and the Netherlands. Marco Civil establishes the general principle that net neutrality should be guaranteed, and further regulated by a presidential decree, with inputs from both the Brazilian Internet Steering Committee ( and ANATEL, the national telecommunications agency.

Intermediary liability One of the main provisions of Marco Civil deals with the difficult subject of intermediary liability due to content uploaded by third parties. The system in Marco Civil establishes that intermediaries can only be held liable if they do not comply with a court order explicitly demanding content to be removed. This regime, however, is not applicable to copyright infringement, which will be dealt with by the forthcoming copyright reform bill.

Privacy After the Snowden leaks, a small number of privacy provisions were included in Marco Civil (the main privacy and data protection bill under development has yet to be sent to Congress). The main proposal was extremely controversial: forcing Internet companies to host data pertaining to Brazilian nations within Brazilian territory. Broadly rejected by civil society, engineers, companies, and several legislators, the proposal was dropped by the government so that voting could take place.

Rights and principles Marco Civil establishes a strong, forward-looking assertion of rights and principles for Internet regulation in Brazil: freedom of expression, interoperability, the use of open standards and technology, protection of personal data, accessibility, multistakeholder governance, open government data.
Although it must still go to Brazil's Federal Senate for consideration, before returning to the Chamber of Deputies and then being sent to the Brazilian President for her signature, the bill is essentially passed. As the above summary makes clear, the Marco Civil is an extremely wide-ranging law, and arguably the best of its kind anywhere in the world -- an extraordinary achievement given its unusual origins and the lobbying firepower ranged against it. Global Voices comments:
In a moment when censorship, surveillance, corporate greed and government corruption seem to dominate the world of digital rights, a victory like this one can bring hope to those working to improve user protections worldwide.
The people who made this happen are to be congratulated on the victory, gained thanks to their unstinting hard work over the last few years. If only more of us could look forward to the protections the Marco Civil will provide.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

20 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2014 @ 11:01am

UK Court Says Information Stored Electronically Is Not 'Property'

from the for-intellectual-property-read-intellectual-monopoly dept

More and more of our activities take place in the digital rather than analog realm. But what exactly is the legal status of that digital stuff as it flows around the Internet, or sits inside databases? A recent judgment in the UK provides important guidance:

Information stored electronically does not constitute property which someone can exercise possession of, judges in the UK have ruled.

The Court of Appeal rejected arguments to the contrary and refused to interpret existing laws in a manner which would, it admitted, "have the beneficial effect of extending the protection of property rights in a way that would take account of recent technological developments".

The judges said that whilst it is possible to exert control over electronic information it is not possible to gain possession of it. The distinction was drawn in a case concerning a dispute between a publisher and an IT supplier.
The details of that case can be read in the useful post on quoted above. The basic facts are as follows. The publisher Datateam Business Media Limited wanted to outsource the management of its subscriber database. The company Your Response Ltd took on the job, but the publisher became dissatisfied with its services, and sought to terminate the contract. In the following dispute over the payment of fees, Your Response Ltd claimed possession of the database -- hence the court case. The analysis of one of the judges is interesting:
"An electronic database consists of structured information," Lord Justice Floyd said. "Although information may give rise to intellectual property rights, such as database right and copyright, the law has been reluctant to treat information itself as property. When information is created and recorded there are sharp distinctions between the information itself, the physical medium on which the information is recorded and the rights to which the information gives rise. Whilst the physical medium and the rights are treated as property, the information itself has never been."
That's an important statement that touches on many aspects of the online world, not least digital copyright. It confirms that the property of "intellectual property" is of monopoly rights, not of the information in the creative work. And since that information cannot be possessed, it therefore cannot be stolen, despite what copyright maximalists would have us believe.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

57 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2014 @ 5:38am

UK Anti-Terror Powers Abused To Hunt Down Whistleblower Who Revealed Secret Government Tax Deal

from the shocked-to-the-bones dept

The UK government continues to claim that its spying activities are lawful, without specifying exactly why. However, it's pretty clear that the main law it is depending on is the Regulation of Investigatory Powers Act 2000 (RIPA). As Techdirt reported in January, there are serious doubts about whether GCHQ's surveillance activities are indeed covered by RIPA, but that's not the only problem here: the following story from The Guardian shows how RIPA is being abused -- not to find terrorists trying to bring down the state, but to winkle out whistleblowers selflessly trying to help it:

MPs have criticised Britain's leading tax official after HM Revenue & Customs [HMRC -- the UK tax authority] used powers meant to catch terrorists to hunt down an employee who exposed a secret multimillion-pound "sweetheart" deal with Goldman Sachs.

Lin Homer, the chief executive of HMRC, had told the public accounts committee that phone records had been obtained using the Regulation of Investigatory Powers Act (Ripa) to unearth information about Osita Mba, an in-house lawyer.
In 2011, Mba had written in confidence to various government bodies, saying that the then head of UK tax, Dave Hartnett, had "let off" Goldman Sachs from paying at least £10m in interest. But instead of being grateful for this information, the tax authorities seemed more interested in hounding him:
When HMRC discovered Mba's intervention, his belongings, emails, internet search records and phone calls and the phone records of his then wife, Claudia, were examined by investigators.

At the committee meeting, Hodge also asked whether it was appropriate to pass Mba's wife's address, mobile number and office number to HMRC staff to investigate.
HMRC's abuse of RIPA extended to investigating Mba's communications with a Guardian journalist:
Margaret Hodge, the chair of the [Parliamentary] committee, said that HMRC's use of the powers, ostensibly to track down whether Mba had been talking to the Guardian's then investigations editor, David Leigh, had "shocked her to her bones".
Hodge went on to ask for assurances that HMRC would never again use RIPA powers on a whistleblower:
[Tax chief] Homer declined to offer Hodge the desired reassurance, responding: "You know that we cannot offer carte blanche assurances for evermore that we won't use these -- I have other duties of care to parliament and other individuals."
That refusal underlines why the UK's RIPA needs serious revision -- both to stop this kind of abuse, and to bring some much-needed scrutiny to the legal basis for GCHQ's massive surveillance activities.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

14 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2014 @ 12:22am

Corporate Sovereignty Provisions Called Into Question Around The World

from the ISDS-is-*so*-twentieth-century dept

A couple of weeks ago, we noted that Germany just threw a big spanner in the TTIP works by calling for corporate sovereignty provisions to be excluded. Although perhaps the most dramatic repudiation of investor-state dispute settlement (ISDS), it's by no means the only one. Indeed, the tide really seems turning, as country after country calls into question the need to put corporations on the same level as entire nations. For example, according to this report from the Yonhap News Agency, South Korea wants to re-visit the corporate sovereignty chapter in its trade agreement with the US:

South Korea plans to hold talks with the United States to rework the investor-state dispute (ISD) clause in their two-year-old free trade pact that has long been cited by critics as being unfair, a government source said Sunday.
That's possible because of the following prescient move by South Korea at the time of the trade agreement's signing:
To receive parliamentary approval, Seoul forwarded a proposal to lawmakers that promised a "reevaluation" of the ISD clause down the line.
One country that has already "re-evaluated" ISDS, and found it wanting, is South Africa, as Techdirt explained at the end of last year. But the Lexology site reports that it could soon be joined by another major economy:
According to the Netherlands Embassy in Jakarta, Indonesia has informed the Netherlands that it has decided to terminate the Bilateral Investment Treaty between the two nations from 1 July 2015. The Embassy also states that "the Indonesian Government has mentioned it intends to terminate all of its 67 bilateral investment treaties".
Once more, it seems that painful experiences of corporate sovereignty played their part in the decision:
it would not be surprising if the Churchill Mining Plc v Indonesia cases (ICSID Cases ARB/12/14 and 12/40) have prompted more sweeping action by the Indonesian Government. Churchill and Planet Mining Pty began arbitration against the Indonesian government in May 2012 at ICSID in Washington. On 24 February 2014 the ICSID Tribunal rejected Indonesia's jurisdictional challenges leaving Churchill free to proceed with a claim for damages of not less than US$1.05bn, excluding interest. This decision has caused outrage in Indonesia.
That outrage is understandable, since it will be the Indonesian public that will have to foot the billion-dollar bill if the ISDS tribunal rules against Indonesia. In a way, the almost unfettered power of corporate sovereignty has become its own worst enemy. The possibility of making claims for billions of dollars has naturally caught the attention of both the public and politicians in the nations affected, prompting many to re-consider the wisdom of agreeing to this kind of one-sided bargain.

If Indonesia does indeed start terminating its 67 bilateral investment treaties, we can expect other countries to take note and consider following suit. One knock-on effect will be that US insistence on putting corporate sovereignty provisions in TPP will begin to look distinctly out of place in a world where prudent nations are starting to move away from them.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

25 Comments | Leave a Comment..

Posted on Techdirt - 21 March 2014 @ 7:39pm

Exile: Sarah Harrison On Paying The Price For Helping Edward Snowden

from the journalist-or-terrorist? dept

One of the unsung heroines of the Snowden story is Sarah Harrison. A statement she published on WikiLeaks in November 2013 describes her role as follows:

As a journalist I have spent the last four months with NSA whistleblower Edward Snowden and arrived in Germany over the weekend. I worked in Hong Kong as part of the WikiLeaks team that brokered a number of asylum offers for Snowden and negotiated his safe exit from Hong Kong to take up his legal right to seek asylum. I was travelling with him on our way to Latin America when the United States revoked his passport, stranding him in Russia. For the next 39 days I remained with him in the transit zone of Moscow's Sheremetyevo airport, where I assisted in his legal application to 21 countries for asylum, including Germany, successfully securing his asylum in Russia despite substantial pressure by the United States. I then remained with him until our team was confident that he had established himself and was free from the interference of any government.
Harrison has now written a fine piece for The Guardian about the consequences for her of providing support to Snowden and WikiLeaks:
I cannot return to England, my country, because of my journalistic work with NSA whistleblower Edward Snowden and at WikiLeaks. There are things I feel I cannot even write. For instance, if I were to say that I hoped my work at WikiLeaks would change government behaviour, this journalistic work could be considered a crime under the UK Terrorism Act of 2000.

The act gives a definition of terrorism as an act or threat "designed to influence the government", that "is made for the purpose of advancing a political, religious, racial or ideological cause" and that would pose a "serious risk" to the health or safety of a section of the public. UK government officials have continually asserted that this risk is present with the disclosure of any "classified" document.

Elsewhere the act says "the government" means the government of any country -- including the US. Britain has used this act to open a terrorism investigation relating to Snowden and the journalists who worked with him, and as a pretext to enter the Guardian's offices and demand the destruction of their Snowden-related hard drives. Britain is turning into a country that can't tell its terrorists from its journalists.
She points out that she is not alone in suffering from the UK government's absurdly broad definition of "terrorism": Glenn Greenwald's partner David Miranda was detained for nine hours at London's Heathrow airport, and Snowden's lawyer, Jesselyn Radack, was interrogated there too. But the knock-on effects for journalism in the UK are particularly serious:
If Britain is going to investigate journalists as terrorists take and destroy our documents, force us to give up passwords and answer questions -- how can we be sure we can protect our sources? But this precedent is now set; no journalist can be certain that if they leave, enter or transit through the UK this will not happen to them.
One likely consequence of this is that international journalists will avoid passing through the UK on the way to their final destinations. More seriously, they may be unwilling to enter the UK to visit. Sadly, given the UK's increasingly besmirched reputation as a beacon of civilization with a free and effective press, that's likely to be viewed by the government there as more of a feature than a bug.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

54 Comments | Leave a Comment..

More posts from Glyn Moody >>