Glyn Moody’s Techdirt Profile

glynmoody

About Glyn MoodyTechdirt Insider




Posted on Techdirt - 23 April 2014 @ 3:41am

Protests Mount Against Mexico's Proposed Telecommunications Law, Which Would Bring In Censorship, Allow Real-time Surveillance And Kill Net Neutrality

from the toxic-mix dept

Many people will be familiar with the name Carlos Slim as intermittently the richest person in the world, generally vying with Bill Gates for that title. Some will probably be aware that his huge fortune -- currently listed as $69.67 billion in his Wikipedia entry -- is derived from a business empire based on telecommunications. But as this article in the Los Angeles Times points out, ordinary Mexicans have paid a high price for his success -- literally:

telephone service, both land-line and cellular, is dominated by companies owned by Mexican tycoon Carlos Slim, one of the world's richest men, who has grown his businesses throughout Latin America. That means Mexicans pay some of the world's highest prices for some of the spottiest phone service.
Nor is that the only sector in Mexico where business power is highly concentrated:
For years, most of Mexican television has been dominated by a single company, Televisa, the largest broadcaster in the Spanish-speaking world. (Most of the rest is controlled by another single company, TV Azteca.)
On the face of it then, a new Mexican telecoms law that aims to loosen the grip of those dominant companies should be a good thing. But increasingly people are worried that its bad elements may outweigh the good, as Global Voices explains:
Billed as an effort to break up Mexico's notorious telecommunications and broadcast monopolies, the law covers a broad range of electronic communications issues -- and treads heavily in human rights territory. At the behest of the "competent" authorities, the law authorizes telecommunications companies to "block, inhibit, or eliminate" communications services "at critical moments for public and national security." The law also authorizes Internet service providers to offer service packages that "respond to market demands" and differentiating in "capacity, speed, and quality" -- a measure that could preclude protections for net neutrality in the country. To top it off, security measures in the law would allow authorities to track user activity in real time using geolocation tools, without obtaining prior court approval.
That's a pretty toxic mix -- censorship, real-time surveillance and no net neutrality. The good news is that Mexicans are starting to mobilize against the proposed measures:
ContingenteMX, a nonprofit collective consisting of Human Rights, environmental and social network activists and citizens, hereby demands a guarantee that the inalienable right of free Internet access -- established on the Constitution -- be clearly spelled out in Mexico’s Telecommunications and Broadcasting Law. It also requests that the constitutional citizen initiative "Internet Libre para Todos" (Free Internet For All), signed by over 223 thousand duly identified citizens and delivered to Congress in 2013 as a proposal to guarantee the right of Internet access become law.
According to a report on vice.com, people have already taken to the streets in protest against the new law. In addition:
Mexico's human rights commission has already denounced the legislation for violating basic constitutional rights including the right to privacy and freedom of expression. In the coming weeks the legislation will go before the senate and Internet freedom activists are hoping it will get voted down.
Let's hope so too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

7 Comments | Leave a Comment..

Posted on Techdirt - 22 April 2014 @ 10:05am

Turkey's Prime Minister Sues His Own Country Over Twitter

from the seriously-losing-it dept

As we've been reporting for nearly a year now, the Turkish prime minister, Recep Tayyip Erdoğan, really hates Twitter. Indeed, it is arguably becoming something of an obsession for him, to the point where he has now taken the unprecedented step of suing his own country over it, as Hurriyet Daily News reports:

Prime Minister Recep Tayyip Erdoğan made an application to the Constitutional Court on April 18 over the failure to implement court rulings requesting the removal of content violating his rights, according to a senior official from his office. Erdoğan is seeking 50,000 Turkish Liras in compensation, Reuters reported.

The move has been described as a "first of its kind" by the Union of Turkish Bar Associations (TBB) head Metin Feyzioğlu, who said the prime minister of Turkey had never before filed a lawsuit against the state.

"There is no precedent for the Prime Minister of the Turkish Republic to sue the Turkish Republic and demand compensation. This is happening for the first time," said Feyzioğlu.

He also described Erdoğan's application to the Constitutional Court as "unlawful," on the grounds that domestic remedies had not yet been exhausted.
Those domestic remedies include filing a lawsuit against Twitter, which naturally seems to be trying to avoid that: on April 14, its head of global public policy held talks with officials from the prime minister's office, the Communications Ministry and telecom authorities. The company has already made concessions, as this story from Agence France-Press indicates:
Twitter blocked two accounts on Sunday that had been used to spread corruption allegations against Turkish Prime Minister Recep Tayyip Erdogan, his government and his inner circle.

The move came after high-level meetings between the government and executives from the company last week, and after the Turkish government provoked a storm in March by trying to ban the network entirely.

The two accounts blocked on Sunday -- @Haramzadeler333 and @Bascalan -- leaked large amounts of secret documents and recorded phone conversations implicating Erdogan, his family and associates in a wide-ranging corruption scandal.
It seems unlikely that blocking a couple of accounts will satisfy the Turkish prime minister -- it may even embolden him. Expect to see further interesting developments in this long-running struggle pitting a popular but increasingly-autocratic Erdoğan against his political opponents and supporters of freedom of speech.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 21 April 2014 @ 8:11pm

German Politicians Hit Back At USTR Criticisms Of European Cloud Idea

from the well,-what-did-they-expect? dept

Last week we wrote about the USTR suggesting that any attempt by the European Union to create its own local cloud in order to minimize surveillance by the NSA would violate trade agreements. This has not gone down well with European politicians, particularly in Germany, whose Deutsche Telekom was singled out for criticism. Here's what Bavaria's Minister for Europe, Beate Merk, said while visiting the US, as reported by Die Welt (original in German):

"In my talks with the USTR, I've made it clear that our discussions of a "Schengen cloud" [that is, EU-only] has no protectionist background, but is born out of need as a consequence of the lost confidence arising from the NSA business," Merk said to Die Welt.

"We have a duty to ensure that the data of people in the EU is safe from unrestrained access by third parties", Merk added. If there is no offer from the US side for more data protection and data security, one is obliged "to propose one's own ideas on this score," underlined Merk.
She also pointed out that the EU cloud proposals were being made by commercial providers, not put in place through legislation, which means that the accusation of "protectionism" was simply incorrect. A German member of the European Parliament was even more forthright:
"The criticism of the US Trade Representative is bizarre! It seems they've noticed that people have finally had enough and that spying on data will no longer be tolerated."
As Die Welt notes, thanks to the USTR's ill-judged comments on this issue:
The "Schengen cloud" has become a stumbling block for the planned [TAFTA/TTIP] free trade agreement.
Maybe not a very serious stumbling block, but combined with differences over GMOs, hormone beef and cheese names, it's enough to make achieving an "ambitious" agreement, along with its claimed benefits, just that bit more difficult.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 18 April 2014 @ 12:04am

TAFTA/TTIP: What Are The Benefits? What Are The Costs?

from the profits-before-people dept

As we draw near to the conclusion of TAFTA/TTIP's first year of negotiations, the detailed differences are starting to emerge between the US and EU. But one thing they both take for granted is that it's a good idea. "Good" in this context is essentially about money: the argument is that concluding a trade deal between the US and EU will boost both their economies, increase companies' profits, create employment and generally make people better off. Of course, since all of those are in the future, the only way to justify those kind of claims is to model the likely effects of TTIP on the various economies -- of the US, EU and rest of the world.

That's precisely what a study entitled "Reducing Transatlantic Barriers to Trade and Investment; An Economic Assessment" aimed to do (pdf). Although it's not the only study, it's indubitably the most quoted -- its figures crop up in most articles about the benefits of TAFTA/TTIP. That's largely because it was paid for by the European Commission, and therefore forms the "official" predictions of the benefits that are likely to flow from the agreement:

An ambitious and comprehensive transatlantic trade and investment agreement could bring significant economic gains as a whole for the EU (€119/$165 billion a year) and US (€95/$131 billion a year). This translates to an extra €545/$750 in disposable income each year for a family of 4 in the EU, on average, and €655/$910.
Usually, those figures are repeated without further comment or analysis. That's unfortunate, because there are a number of important assumptions behind them. For example, the use of the phrase "ambitious and comprehensive" is no mere rhetorical flourish: it refers to the most optimistic scenario considered in the study -- in other words, the best-case outcome. Significantly, it not only assumes that all remaining tariffs will be removed -- since these are already low (around 4%), the benefit from doing so is slight -- but also many "non-tariff barriers", economist-speak for regulations and standards. Of course, what industry regards as "barriers", citizens may see more as protections.

The other fact that is almost never mentioned is that the Commission's figures quoted above all refer to 2027, and are the predicted gains from TAFTA/TTIP after it has been in place for 10 years. Leaving aside the difficulty of predicting the US and EU economies in 2027, it also means that the claimed increases in GDP -- 0.39% for the US, and 0.48% for the EU -- are cumulative gains over ten years, and amount to less than 0.05% extra GDP added per year.

Those figures not only refer to the "ambitious and comprehensive" scenario -- in other words, they are an upper bound on what is likely to be obtained -- but also fail to take into account key costs associated with the changes that TAFTA/TTIP would bring about. It's perhaps not surprising that the European Commission's own analysis does not include these -- after all, they reduce the already-small benefits yet further. But clearly, in considering whether to proceed with TTIP, politicians and the public need to have the full picture, and that includes the likely costs as well as the likely benefits.

Fortunately, estimates for those costs have now been produced in some new research. It has been commissioned by the Confederal Group of the European United Left/Nordic Green Left (GUE/NGL) political group in the European Parliament. That group has an obvious political agenda, but then so does the European Commission. What's important is to have a range of analyses of the benefits and costs of TAFTA/TTIP so as to be able to form an overall, independent opinion drawing on them all.

The report "Assessing the Claimed Benefits of the Transatlantic Trade and Investment Partnership (pdf) offers a critical analysis not just of the European Commission's study, but of three others too. It examines their underlying econometric models in great detail to expose the assumptions made and data used. Here's its summary:

All of the four scrutinized studies report small, but positive effects on GDP, trade flows and real wages in the EU. GDP and real wage increases are however estimated by most studies to range from 0.3 to 1.3 %, even in the most optimistic liberalization scenarios. These changes refer to a level change within 10 to 20 years (!), annual GDP growth during this transition period would thus amount to 0.03 to 0.13 % at most.
That confirms that the very low GDP boost from TTIP, as predicted by the European Commission's study, is also a feature of the others. That's interesting for economists, but for non-specialists the new report's chief virtue is that for the first time it estimates the likely costs of TTIP. It points out that there are several major classes of these, largely ignored in the four studies considered:
Adjustment costs are mostly neglected or downplayed in the TTIP studies. This refers in particular to macroeconomic adjustment costs, which can come in the form of (i) changes to the current account balance, (ii) losses to public revenues, and (iii) changes to the level of unemployment.
These are costs associated with the changes brought about by TAFTA/TTIP. For example, removing tariff barriers necessarily reduces the income received by governments; the GUE/NGL study considers this in various scenarios, and comes up with a cost over 10 years of around €30/$40 bn for the EU economy. Costs are not calculated for the US, unfortunately, but it is likely that a similar figure would apply there too.

There are also significant labor adjustment costs, as some industries take on new workers, while others make them redundant. The report estimates these at around €10/$14 bn over the first ten years of TTIP. There will also be concomitant losses as a result of lower income tax and social security contributions from those who lose their jobs -- another €7/$10 bn.

That makes a total of €47/$64 bn. On top of that, there are two other important classes of costs. One is those arising out of corporate sovereignty payments. These can reach billions of euros/dollars per award, and are likely to become common given that there are 75,000 companies that could use an ISDS chapter in TTIP to sue the US or EU. The amount potentially involved is hard to quantify at this stage, as are the associated "social costs" of removing non-tariff barriers:

the elimination of [non-tariff barriers] will result in a potential welfare loss to society, in so far as this elimination threatens public policy goals (e.g. consumer safety, public health, environmental safety), which are not taken care of by some other measure or policy. Though subject to considerable insecurity, these types of adjustment costs might be substantial, and require careful case-by-case analysis. As we will see in the following, although the social costs of regulatory change are of particular relevance for the analysis of TTIP because of its emphasis of regulation issues, they have not been dealt with properly by the four scrutinized TTIP studies.
In other words, the cost of removing or harmonizing regulations and standards is not fully included in the calculation of whether TAFTA/TTIP is worth pursuing. Once again, that reveals that TTIP is currently seen purely through the optic of business -- whether profits are increased, not whether society must pay a corresponding, or even higher, price to make that possible.

While some will doubtless argue about the details of the new GUE/NGL analysis, it has the valuable function of reminding us that TAFTA/TTIP is not just about corporate profits, but also concerns the 800 million people who make up the citizenry of the US and EU. Until they are included in the equation, and their potential losses and gains factored in, any claims about TTIP's "benefits" -- even the tiny ones that the European Commission's analysis comes up with in its "ambitious and comprehensive" agreement -- must be regarded as simplistic, one-sided and incomplete.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2014 @ 6:49am

Snowden Asks Putin Live On TV If Russia Carries Out Mass Surveillance; But Why?

from the what-on-earth-was-he-thinking? dept

Edward Snowden has generally been staying out of the limelight so that the NSA story is about the surveillance not the whistleblower. He's given occasional interviews and delivered a few short speeches via videolink, but usually of a fairly low-key nature. That makes his unexpected appearance today on a marathon televised question-and-answer session with Vladimir Putin -- again by videolink -- extremely odd. Here's his question, as reported by The Guardian:

Snowden asked: "Does Russia intercept or store or analyse the communication of millions of individuals?" He went on to ask whether increasing the effectiveness of internal security systems could ever justify such actions.
To which Putin replied:
"Mr Snowden you are a former agent, a spy, I used to work for a intelligence service, we are going to talk the same language."

He said Russia did not have a comparable programme, stating: "Our agents are controlled by law. You have to get court permission to put an individual under surveillance. We don't have mass permission, and our law makes it impossible for that kind of mass permission to exist."

He said he was aware that "criminals and terrorists" relied on this kind of [technology], and that their actions demanded a response from the security services. "We have to use technical means to respond to their crimes, including those of a terrorist nature, we do have some efforts like that. We don't have a mass control. I hope we [w]on't do that," he said.
It's really hard to know why Snowden asked this question. Perhaps he wanted to emphasize the disproportionate nature of NSA spying by contrasting it with Russia's approach; perhaps he thought his appearance would jolt a jaded public and focus renewed attention on the key issues. But surely he must have guessed that Putin would answer as he did -- whether or not it is true -- that Russia uses surveillance strictly according to the law, that there is no massive, disproportionate spying of the kind practiced by the NSA, etc. etc. He must have known that Putin would easily turn Snowden's question into a wonderful opportunity to score points against the US.

Inevitably, then, this appearance will be leapt on by those who have maintained that Snowden is some kind of Russian spy, and that he has been working for Putin all along. As Techdirt has noted, that story doesn't stand up, but this unexpected intervention by Snowden certainly doesn't do anything to dispel it. For someone who until now has judged when and how to make public statements so skilfully and effectively, this seems like an incredible misstep. It really makes you wonder what might lie behind it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

64 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2014 @ 12:08am

How Corporate Sovereignty Threatens Democracy

from the at-most dept

As people have begun to learn about corporate sovereignty through plans to include it in TAFTA/TTIP, the European Commission has been trying to scotch the idea that it might allow corporations to dictate policies to nations. Here, for example, is a comment in the Commission's main TTIP FAQ, which tries to answer the question "Why is the EU including Investor to State Dispute Settlement in the TTIP?":

Including measures to protect investors does not prevent governments from passing laws, nor does it lead to laws being repealed. At most, it can lead to compensation being paid.
Those are all true statements in theory, but that's probably not much comfort to Romania, which has been discovering the harsh reality in the long-running discussions over whether to allow a Canadian company to create a huge open-cast gold and silver mine in the country. Here's what happened last year:
Gabriel Resources Ltd. (GBU), backed by billionaire hedge-fund manager John Paulson, threatened to seek as much as $4 billion of damages should Romanian lawmakers vote to oppose its gold mine project in the country.

"We have a very, very robust case, and we believe we have claims up to $4 billion that we can send to the Romanian state," Gabriel Resources Chief Executive Officer Jonathan Henry said today in a telephone interview. "We will go ahead and do that if the vote is against."
As the European Commission notes, the existence of a bilateral investment treaty with Canada that includes a dispute settlement mechanism did not, in itself, stop the Romanian politicians from blocking the gold mine project in the parliamentary vote, which took place in December 2013. So everything's fine, right? Democracy prevailed, and the people were heard. After all, "at most", as the FAQ helpfully reminds us, Romania will have to pay $4 billion damages at some point.

Except that, for a country with a GDP of less than $200 billion in 2013, this represents 2% of the country's entire economic production. That seems an incredibly high price to pay for the exercise of basic democracy. The danger is that faced with the threat of such enormous fines, other parliaments will lack the courage shown by Romanian's politicians, and choose to ignore the will of their people by meekly acquiescing to corporate demands.

Does GBU deserve some compensation if a project is cancelled by the local government because of widespread public concerns about its safety? Perhaps -- although business always involves some risk, and foreign investment is no different. If a company is really worried about that aspect, it can take out insurance -- from the World Bank, for example. Does GBU deserve to be awarded 2% of a country's GDP, paid for by the citizens of a land struggling to raise its living standards? That hardly seems fair. And yet it's precisely what ISDS could allow, because the arbitration panel that decides such corporate sovereignty cases is unconstrained in what it can award, and not at all concerned with what the knock-on effects might be.

But the politicians making up the European Commission should be, since they are supposed to represent the 500 million European citizens that pay their salaries. The fact that they are pushing as hard as they can for ISDS in TAFTA/TTIP shows which side they are really on, and that they are quite happy to put corporations before nations, and profits before people.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

44 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2014 @ 12:11am

First Phase Of Security Audit Finds Vulnerabilities But No Backdoors In TrueCrypt Encryption Software

from the more-work-needed,-and-more-donations dept

In the wake of the serious Heartbleed flaw in OpenSSL, more people are becoming aware of how widely used and important open source encryption tools are, and how their security is too often taken for granted. Some people were already worrying about this back in September last year, when we learned that the NSA had intentionally undermined encryption by weakening standards and introducing backdoors. As Techdirt reported, that led to a call for a security audit of TrueCrypt, a very popular open source disk encryption tool. Fortunately, the Open Crypto Audit Project raised a goodly sum of money through FundFill and IndieGogo, which allowed the first phase of the audit to be funded. Here's what's now been done (pdf):

The Open Crypto Audit Project engaged iSEC Partners to review select parts of the TrueCrypt 7.1a disk encryption software. This included reviewing the bootloader and Windows kernel driver for any system backdoors as well as any other security related issues.
The good news:
iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.
However, it did still find vulnerabilities in the code it examined:
the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth).

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.
Because of that, among the recommendations that iSEC made was the following:
Improve code quality. Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct. It also makes the learning curve steeper for those who wish to join the TrueCrypt project.
That's an important point, and probably something that other open source projects might take to heart, too. Some have called into question whether Linus's Law -- that "all bugs are shallow, given enough eyeballs" -- is really true for free software (although Eric Raymond, author of "The Cathedral and the Bazaar", has offered a robust defense of that claim.) One reason why those eyeballs may not be finding the bugs is that the code, though open, is unnecessarily hard to read.

The fact that vulnerabilities were found -- even if "all appear to be unintentional, introduced as the result of bugs rather than malice" as iSEC puts it -- is another reason why the second phase of the audit, which will look at the details of how the cryptographic functions have been implemented, is necessary. The discovery of "issues" in TrueCrypt's code also underlines why similar audits need to be conducted for all important open source security programs: if there are vulnerabilities in TrueCrypt, there are likely to be more elsewhere, perhaps much more serious. Finding them is largely a question of money, which is why companies currently free-riding on free software -- perfectly legally -- should start seriously thinking about making some voluntary contributions to help audit and improve them to prevent another Heartbleed.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 10 April 2014 @ 2:03pm

Dutch Immediately Ban Unauthorized Downloads After EU Court Of Justice Confirms Incompatibility With Copyright Law

from the that-was-quick dept

The Court of Justice of the European Union is pretty busy these days. Earlier this week it released its important judgment striking down the EU's Data Retention Directive; now it has given its verdict on a complicated Dutch case involving the home-copying exception of European copyright legislation, and the associated use of copyright levies on blank media. As we reported back in January, the preliminary opinion of the EU's Advocate General was that the Dutch government should not allow unauthorized downloads of copyright material, as is currently the case, and that copyright levy calculations should not take such unauthorized downloads into account. Unlike the Data Retention verdict, where the EU's Court of Justice (ECJ) went well beyond what the Advocate General suggested, here the ECJ has largely followed his advice (pdf):

the Court holds that national legislation which makes no distinction between private copies made from lawful sources and those made from counterfeited or pirated sources cannot be tolerated.
In addition, it held that a copyright levy system that does not distinguish between authorized and unauthorized copies is not fair:
Under such a system, the harm caused, and therefore the amount of the fair compensation payable to the recipients, is calculated, according to the Court, on the basis of the criterion of the harm caused to authors both by private reproductions which are made from a lawful source and by reproductions made from an unlawful source. The sum thus calculated is then, ultimately, passed on in the price paid by users of protected subject-matter at the time when equipment, devices and media which make it possible to create private copies are made available to them. Thus, all users are indirectly penalised since they necessarily contribute towards the compensation payable for the harm caused by private reproductions made from an unlawful source. Users consequently find themselves required to bear an additional, non-negligible cost in order to be able to make private copies.
This ruling has already had one immediate effect, as TorrentFreak reports:
The Dutch Government confirmed to [the Dutch Website] Tweakers that downloading copyrighted material for personal use is no longer allowed, effective immediately.
Unauthorized downloading for personal use was permitted in the Netherlands because the government there believed that EU copyright law allowed it. The ECJ's ruling establishes definitively that it doesn't, and so the downloading exemption no longer applies.

The longer-term effect on EU copyright levies is harder to predict. The Court's verdict means that countries may no longer take unauthorized copies into account when calculating how much to add to the cost of storage. It will be interesting to see whether they reduce the copyright levy as a result, as they should if they implemented the new ruling faithfully. However, given the general lack of logic or fairness behind copyright levies, that seems unlikely. The best response would be to drop the anachronistic copyright levies altogether, and for the copyright industries to launch more online services offering lots of material at fair prices to encourage users to switch from unauthorized to authorized downloads, as has happened elsewhere.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 10 April 2014 @ 12:12am

USTR Warns That EU-Only Cloud To Avoid NSA Surveillance May Violate Trade Agreements

from the unwise dept

The USTR seems to have a worrying need to blame other countries. Alongside the infamous Special 301 Report which puts a selection of nations on the naughty step because of their failure to bend to the will of the US copyright industries, there's the less well-known Section 1377 Review , which considers "Compliance with Telecommunications Trade Agreements." Here's some information about the latest one (pdf):

The Section 1377 Review ("Review") is based on public comments filed by interested parties and information developed from ongoing contact with industry, private sector, and foreign government representatives in various countries. This year USTR received four comments and two reply comments from the private sector, and one comment from a foreign government.
Clearly something of a specialist area, then. One of those comments comes from the United States Council for International Business, which describes itself as "among the premier pro-trade, pro-market liberalization organizations." A concern it raises is the following:
The ability to send, access and manage data remotely across borders is integral to global services, including converged and hybrid services such as cloud services. However, the tremendous increase in cross-border data flows has raised concerns on the part of many governments. Given that cross-border services trade is, at its essence, the exchange of data, unnecessary restrictions on data flows have the effect of creating barriers to trade in services.
That seems to be reflected in the following section of the USTR's review:
Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a "Schengen cloud" by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them.
In particular:
Deutsche Telekom AG (DTAG), Germany's biggest phone company, is publicly advocating for EU-wide statutory requirements that electronic transmissions between EU residents stay within the territory of the EU, in the name of stronger privacy protection. Specifically, DTAG has called for statutory requirements that all data generated within the EU not be unnecessarily routed outside of the EU; and has called for revocation of the U.S.-EU "Safe Harbor" Framework, which has provided a practical mechanism for both U.S companies and their business partners in Europe to export data to the United States, while adhering to EU privacy requirements.
Of course, Deutsche Telekom is not the only one calling for Safe Harbor to be revoked: the European Parliament's inquiry into the mass surveillance of EU citizens has also proposed that, along with a complete rejection of TAFTA/TTIP unless it respects the rights of Europeans. Strangely, the USTR doesn't mention that fact in its complaint, but goes on to say:
The United States and the EU share common interests in protecting their citizens' privacy, but the draconian approach proposed by DTAG and others appears to be a means of providing protectionist advantage to EU-based ICT suppliers.
You've got to love the idea that too much privacy protection is "draconian". The USTR continues to tiptoe around the real reason that not just Deutsche Telekom but even Germany's Chancellor, Angela Merkel, are both keen on the idea of an EU-only cloud:
Given the breath of legitimate services that rely on geographically-dispersed data processing and storage, a requirement to route all traffic involving EU consumers within Europe, would decrease efficiency and stifle innovation. For example, a supplier may transmit, store, and process its data outside the EU more efficiently, depending on the location of its data centers. An innovative supplier from outside of Europe may refrain from offering its services in the EU because it may find EU-based storage and processing requirements infeasible for nascent services launched from outside of Europe.
The USTR saves what it obviously sees as its killer punch for last:
Furthermore, any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services. Accordingly, USTR will be carefully monitoring the development of any such proposals.
Got that, Europeans? If you dare to try to protect yourselves by creating a slightly more secure EU-only cloud in response to the NSA breaking into everything and anything, you may find yourself referred to the World Trade Organization or something....

It's interesting that the USTR brings up this issue -- doubtless a reflection of the huge direct losses that revelations about massive surveillance on Europeans and others are likely to cause the US computing industry. But trying to paint itself as the wronged party here is not going to endear the USTR to European politicians. At a time when Safe Harbor and even the TAFTA/TTIP negotiations are being called into question in the EU, such an aggressive and insulting stance seems a very stupid move.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

60 Comments | Leave a Comment..

Posted on Techdirt - 8 April 2014 @ 11:06am

EU Data Retention Requirements Ruled 'Invalid' By EU Court Of Justice

from the no-more-"because-terrorism" dept

Back in December, we reported on a slightly mixed ruling from the EU Court Of Justice's Advocate General regarding the 2006 Data Retention Directive, which obliges European telecom companies to retain metadata about their customers. Although the Advocate found the Directive incompatible with fundamental European rights, he proposed merely suspending it until it was fixed. His opinion was not binding on Europe's highest court, but was generally regarded as indicative of the final verdict.

Today, the EU Court Of Justice (ECJ) handed down its judgment. As expected, it does follow the same general lines as the Advocate's view, but in a surprising and welcome turn of events, it goes far beyond it in the harshness of its condemnation and finality of its ban (pdf)

The Court of Justice declares the Data Retention Directive to be invalid

It entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary.
The ECJ clarified what exactly it meant when it declared the Directive "invalid":
Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the directive entered into force.
In other words, it is not just invalid from today's judgment, it was invalid from the moment it came into existence -- a pretty stunning slap down. The Court has no hesitation in declaring that blanket data retention interferes with fundamental rights (the emphasis below is in the original):
The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance.
Equally, the Court does recognize that there are valid circumstances for retaining such personal data:
the retention of data for the purpose of their possible transmission to the competent national authorities genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security.
The key issue -- one that Techdirt has emphasized many times -- is proportionality, and here the ECJ has no doubts:
the Court is of the opinion that, by adopting the Data Retention Directive, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality.
The Court goes on to list three specific ways in which the Data Retention Directive fails the test of proportionality. First, it notes that the Directive specifies that all data must be retained, without any kind of "differentiation, limitation or exception being made in the light of the objective of fighting against serious crime." That is, the "collect it all mentality" that has infected security services is inherently disproportionate and thus unacceptable.

The Court then notes that there are no objective criteria that can be used to assess whether the police or other authorities are allowed to access that data: again, pretty much anything goes with the current Directive. In addition:

the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them. In particular, the access to the data is not made dependent on the prior review by a court or by an independent administrative body.
It's perhaps not surprising to see Europe's highest court insisting that national authorities need to ask a judge for permission to access highly personal data, but it's a hugely important reminder of the need to do so against a background where governments seem to regard such formalities as optional and dispensable.

Finally, the ECJ points out that there are no objective criteria for setting the Directive data retention period as between six and 24 months, and that no distinctions are made based on the kind of data stored, and about whom. It also notes that the Directive does not address the important issues of abuses or unlawful access, that nothing is said about how data should be destroyed at the end of the retention period, and there is no requirement for data to be retained within the EU at all times.

As with the Advocate's opinion, the ECJ's judgment offers implicit guidance on how the major flaws in the Data Retention Directive might be addressed -- with the important difference that the Court has imposed far more stringent conditions that will require those drafting any new Directive to be much more cautious in the requirements they lay down. Even if that's possible, the end result is likely to be a far meeker version of the current Directive.

It's also not yet clear what the status of existing national legislation implementing the Directive is now. These laws were passed by the EU member states in order to comply with the Directive; now that the Directive is invalid, it presumably means that they, too, are invalid. Will they be repealed by governments, or will they continue until challenged in national courts? Those are questions that politicians and lawyers around Europe will doubtless be discussing with some urgency. Here's what the European Commission claims:

National legislation needs to be amended only with regard to aspects that become contrary to EU law after a judgment by the European Court of Justice. Furthermore, a finding of invalidity of the Directive does not cancel the ability for Member States under the e-Privacy Directive (2002/58/EC) to oblige retention of data.
One thing is for certain: the large-scale and disproportionate surveillance activities carried out by the NSA and GCHQ within Europe, which bear many similarities to those authorized under the Data Retention Directive, cannot now be justified by invoking "national security". Today's ruling by the EU Court of Justice means that "because terrorism" is no longer a trump card that can be used in Europe to justify anything and everything.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

26 Comments | Leave a Comment..

Posted on Techdirt - 7 April 2014 @ 5:00am

Net Censors Arrested In China For Taking Bribes To Delete Unflattering Posts As Well As The 'Harmful' Ones

from the gaming-the-system dept

Techdirt has run a number of stories about China's increasingly pervasive Net censorship, which operates both domestically and further afield. According to this story in Index on Censorship, China seems to think its system still needs bolstering:

The Chinese government has revealed it is expanding their censorship of the internet with a new training programme for the estimated two million "opinion monitors" Beijing organised last year.

...

Once trained, monitors will "supervise" the posting of social media messages, deleting those that are deemed harmful. Beijing claims to have deployed "advanced filtering technology" to identify problematic posts, and will need to "rapidly filter out false, harmful, incorrect, or even reactionary information," according to Xinhua.

Internet monitoring in China is an intensive process. Censored search terms are often placed on the list and then removed as a situation develops.
That fluid situation and the huge numbers of people involved mean that it's hard to monitor the monitors -- generally a problem with censorship. So it was probably inevitable that some Net censors would start taking advantage of their power to earn a little extra money:
Beijing police have detained at least 10 people, including employees at Baidu, the leading Chinese-language Internet search provider, over allegations of abusing their positions to delete online posts in return for money, the Beijing News reports.
The idea was simple, as the China News post quoted above explains:
staff searched for unfavorable posts about enterprises and government departments, then charged hundreds of yuan to delete the posts.

...

The posts covered a wide range of issues, including forced demolitions, pollution problems, extramarital affairs and bribery by officials, as well as product quality and companies in financial crises
Combined with the millions who will be censoring a changing list of forbidden topics, this will make it even harder for Chinese citizens to find out what's going on from the mainstream Internet sites. That might encourage users to explore less well-known services in an effort to avoid such massive censorship, causing the Chinese authorities to recruit even more "opinion monitors."

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 3 April 2014 @ 5:29am

Microsoft-Sponsored Study Says Problems Caused By Using Windows Software Will Cost Businesses $500 Billion In 2014

from the awkward dept

The copyright industries' obsession with trying to shoot down piracy at all costs can sometimes cause them to end up shooting themselves in the foot. Here, for example, is a great example from Microsoft, which has recently been fulminating against the dangers of software piracy:

A new study released Tuesday reaffirms what we in Microsoft’s Digital Crimes Unit have seen for some time now -- cybercrime is a booming business for organized crime groups all over the world. The study, conducted by IDC and the National University of Singapore (NUS), reveals that businesses worldwide will spend nearly $500 billion in 2014 to deal with the problems caused by malware on pirated software. Individual consumers, meanwhile, are expected to spend $25 billion and waste 1.2 billion hours this year because of security threats and costly computer fixes.
The study fills out the picture with some details of the methodology (pdf):
In 2013 IDC tested pirated software from more than 550 Web and P2P sites or CDs bought in street markets to determine the prevalence of malware in pirated software. In January and February of 2014, the Department of Electrical and Computer Engineering at National University of Singapore conducted a forensic analysis of 203 PCs that were purchased from PC resellers, specialty shops, and PC markets in typical buying situations in 11 countries. Together, this research found the chances of encountering malware in a pirated copy of software is one in three. The chance of encountering malware in a PC purchased with pirated software is more than 60%.
Although the report doesn't say so explicitly, we are clearly dealing with Windows systems here -- computers are referred to throughout as "PCs," never as Macs, and some of the malware is named as "Win32/Enosch.A, Win32/Sality.AT, Win32/Pramro.F," which attack Windows systems exclusively. We can also be pretty sure that none of the infected programs was open source. Why? Because pirating software that is already freely available makes no sense -- and is certainly unlikely to be as profitable as offering black market versions of costly closed-source programs.

Putting this information together -- in order to "Get The Facts" as Microsoft always liked to say -- we arrive at the interesting conclusion that the use of commercial closed-source programs running on Microsoft Windows will cost businesses around $500 billion in 2014 alone because of the wasted time, lost data and reputational damage that will result from associated malware infections.

Assuming the research results are representative of what's happening -- and there's no reason to suppose they aren't -- the obvious conclusion to draw from them for PC users is not just to stop using pirated software (a good idea), but to stop using Windows-based programs too, and to switch to open source applications running on an open source operating system like GNU/Linux. After all, free software is even cheaper than pirated software, and yet rarely has any of the problems identified in the new report.

That's a really useful message for those facing the unwelcome prospect of paying their share of $500 billion to deal with the multiple problems associated with the Windows platform, but probably not the one Microsoft had in mind when it sponsored the research.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

112 Comments | Leave a Comment..

Posted on Techdirt - 2 April 2014 @ 8:17pm

Towards The Total Surveillance State: Ethiopia

from the they-know-everything-we-do dept

One of the most disturbing aspects of Edward Snowden's leaks is that they reveal the total surveillance state, where the authorities monitor everything, and know everything, is no mere abstraction. Where before such a vision was the domain of tinfoil-wearing, conspiracy theorists, today it is only a couple of "hops" from reality. Given that the enabling technology is available, you might have expected there would already be a few nations that have moved close to the total surveillance state; but you might be surprised to learn that one of them is Ethiopia. A new and chilling report published recently by Human Rights Watch, entitled "They Know Everything We Do: Telecom and Internet Surveillance in Ethiopia," explores the evidence in detail (pdf):

The Ethiopian government has maintained strict control over Internet and mobile technologies so it can monitor their use and limit the type of information that is being communicated and accessed. Unlike most other African countries, Ethiopia has a complete monopoly over its rapidly growing telecommunications sector through the state-owned operator, Ethio Telecom. This monopoly ensures that Ethiopia can effectively limit access to information and curtail freedoms of expression and association without any oversight since independent legislative or judicial mechanisms that would ensure that surveillance capabilities are not misused do not exist in Ethiopia.
Here's what that means in practice:
Websites of opposition parties, independent media sites, blogs, and several international media outlets are routinely blocked by government censors. Radio and television stations are routinely jammed. Bloggers and Facebook users face harassment and the threat of arrest should they refuse to tone down their online writings. The message is simple: self-censor to limit criticism of the government or you will be censored and subject to arrest.
Self-censorship is a real threat in countries with widespread surveillance -- even in those not as far down the path as Ethiopia. Indeed, self-censorship is probably one of the first negative consequences of any increasingly-pervasive surveillance regime.
Information gleaned from telecom and Internet sources is regularly used against Ethiopians arrested for alleged anti-government activities. During interrogations, police show suspects lists of phone calls and are questioned about the identity of callers, particularly foreign callers.
That shows concretely how "mere" metadata can be used against people, and why gathering it is so worrying. But the Ethiopian government does not limit itself to gathering information from existing sources:
Some high-profile Ethiopians in the diaspora have been targeted with highly advanced surveillance tools designed to covertly monitor online activity and steal passwords and files.
It does this thanks to technology acquired from the West -- the report mentions Gamma/FinFisher and Hacking Team, both European companies. Human Rights Watch concludes its summary as follows:
Ethiopia should not only ensure that an appropriate legal framework is in place to protect and respect privacy rights entrenched in international law, but also that this legal framework is applied in practice. Companies that provide surveillance technology, software, or services should adopt policies to ensure these products are being used for legitimate law enforcement purposes and not to repress opposition parties, journalists, bloggers, and others.
Sadly, neither of those seems very likely to happen, as total surveillance continues to spread around the world, passing from a vague dystopian fear into a mundane fact of life.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

13 Comments | Leave a Comment..

Posted on Techdirt - 2 April 2014 @ 12:02am

EU Commission's Consultation On Corporate Sovereignty Ignores Key Issue, But Shows That Real Transparency Is Possible

from the close,-but-not-close-enough dept

One of the most dramatic developments in the negotiations for TAFTA/TTIP was the announcement that the European Commission would be holding a consultation on the corporate sovereignty chapter. That was a result of the growing concerns about placing corporations on the same level as nations, and allowing the former to sue the latter for alleged loss of future profits caused by policy changes, for example. Here's what the European Commission has to say on the consultation's home page:

The European Commission is consulting the public in the EU on a possible approach to investment protection and ISDS in the TTIP. The proposed approach contains a series of innovative elements that the EU proposes using as the basis for the TTIP negotiations. The key issue on which we are consulting is whether the EU's proposed approach for TTIP achieves the right balance between protecting investors and safeguarding the EU's right and ability to regulate in the public interest.
It's deeply troubling to see the European Commission admitting that it will trade off the EU's right and ability to regulate in the public interest in order to protect investors, when the former should always be paramount.

The good news is that anyone can submit their comments, and that they have until June 21 to do so; the bad news is that the consultation is purely about the "modalities for investment protection and ISDS in TTIP" -- not about whether it should be present at all. That's particularly surprising given that most of the document is a litany of ISDS's problems (pdf): lack of clarity, uncertainty, opacity, inconsistency, capricious decisions, biased arbitrators, conflicts of interest, frivolous claims, no possibility for appeals -- the list goes on and on. Even though the consultation seeks input on solving these many and serious problems, the overriding impression is that ISDS is a dangerous and irremediable mess.

However, the consultation document does bring one unexpected bonus: official versions of the equivalent sections of the Canada-EU trade agreement (CETA). The Introduction to the consultation explains why:

Each issue is illustrated using reference texts as examples, taken from other investment agreements and from the approach developed in the EU - Canada (CETA) negotiations, which is the most recent text negotiated by the EU.
The implication is that CETA represents the latest thinking of the European Commission on the subject of corporate sovereignty, and that it will form the basis for its approach in TAFTA/TTIP. But there's a big problem with that. As we reported a few weeks ago, the ISDS chapter in CETA is riddled with problems, some extremely serious.

Of course, the European Commission will probably reply that the consultation is designed to rectify problems that people find. Although that's a fair point, it misses a larger one: that you don't bother fixing problems in something you don't need, and the European Commission has failed to make the case that corporate sovereignty is necessary. It's not needed because both sides have extremely well-established and effective legal systems. And it's not needed because even in its absence, transatlantic investment is already taking place on a massive scale -- as the Commission's own page on trade between the US and EU makes clear:

Total US investment in the EU is three times higher than in all of Asia.

EU investment in the US is around eight times the amount of EU investment in India and China together.

EU and US investments are the real driver of the transatlantic relationship, contributing to growth and jobs on both sides of the Atlantic. It is estimated that a third of the trade across the Atlantic actually consists of intra-company transfers.
Specifically, the US has invested 1.344 trillion euros in Europe, while EU companies have invested 1.421 trillion euros in the US. ISDS is not necessary, because there is simply no problem that needs solving here.

Since the European Commission's consultation fails to explore the central question, it is largely a waste of time. However, it does have the huge virtue of showing that transparency is possible: despite this unveiling of the EU's strategy in the area of investment, the sky is not falling. It thus makes clear why openness can and should be extended to all of TAFTA/TTIP, with the possible exception of a few areas where specific figures would need to be withheld for negotiating purposes. Ironically, the consultation document even explains why transparency is vital:

Transparency is essential to ensure the legitimacy and accountability of the system. It enables stakeholders interested in a dispute to be informed and contribute to the proceedings. It fosters accountability in arbitrators, as their decisions are open to scrutiny.
Exactly the same could be said about TTIP, which means that the European Commission's proposals to increase transparency for the corporate sovereignty chapter should also be applied to the entire agreement:
The EU will include provisions to guarantee that hearings are open and that all documents are available to the public. In ISDS cases brought under TTIP, all documents will be publicly available (subject only to the protection of confidential information and business secrets) and hearings will be open to the public. Interested parties from civil society will be able to file submissions to make their views and arguments known to the ISDS tribunal.
If transparency is essential to ensure the "legitimacy and accountability" of ISDS, it's even more vital for TAFTA/TTIP. The release of this consultation on corporate sovereignty is a welcome first step, but it is only that: the US and EU must routinely release negotiating documents -- at the very latest, as they are tabled, and ideally, before that. Failure to do so simply undermines TTIP's "legitimacy and accountability" and means that the widespread and growing rejection of ISDS could well spread to the rest of the agreement.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2014 @ 4:08pm

Tone Of Comments Affects Perception Of Online Article's Content

from the who-are-you-calling-names? dept

One of the defining characteristics of online journalism is the possibility for readers to respond immediately, and to debate with each other in the comments -- something that was much harder and slower in pre-digital days. Generally, that has been regarded as welcome, since it means that authors can engage more easily with their readers, and the latter become active participants rather than simply passive recipients.

However, some research in the field of science journalism suggests that there might be a serious downside to this ability of the readers to express their views freely:

about 2,000 people were asked to read a balanced news report about nanotechnology followed by a group of invented comments. All saw the same report but some read a group of comments that were uncivil, including name-calling. Others saw more civil comments.

"Disturbingly, readers' interpretations of potential risks associated with the technology described in the news article differed significantly depending only on the tone of the manipulated reader comments posted with the story," wrote authors Dominique Brossard and Dietram A. Scheufele.

"In other words, just the tone of the comments . . . can significantly alter how audiences think about the technology itself."
Although the research was about science articles, it would be reasonable to assume a similar effect occurs for most kinds of online journalism, with "uncivil" comments leading to skewed perceptions of the matter being discussed. Good thing Techdirt readers never resort to name calling...

Follow me @glynmoody on Twitter or identi.ca, and on Google+

51 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2014 @ 12:07am

Hundreds Of Thousands Take To The Streets Of Taiwan To Protest Against Trade Agreement's Lack of Scrutiny

from the sound-familiar? dept

One of the key problems with both the Trans-Pacific Partnership (TPP) agreement, and the Transatlantic Trade and Investment Partnership (TTIP), is the lack of scrutiny. Both deals are being negotiated in almost complete secrecy, with very little information being released officially. The justification for this, such as it is, is that the public will have a chance to see the agreements once they are finished, and that this is the appropriate time for transparency. The emptiness of that promise has been shown by the Polish Ministry of Economy's reply to some questions from the Modern Poland Foundation:

all the information the EU member states obtained from the European Commission is classified and it is not possible to pass it on outside the state administration. This also concerns the Foundation's request to access the text of the chapter on IPR and the Polish stance in this matter.

In compliance with the EU practices, the text of the treaty will be made available only in the final stage of the negotiations, after the signing of the document by both parties.
As that makes clear, the public will only get to see TTIP after it has been signed, when it can no longer be changed. The European Commissioners' idea of transparency turns out to be a cruel joke at the expense of the public that pays their not-inconsiderable salaries.

However, TTIP and TPP are not the only trade agreements being negotiated behind closed doors. Another has been concluded between China and Taiwan, with a similar lack of scrutiny. In scenes that recall the demonstrations across Europe when people found that they had no power to change ACTA, hundreds of thousands of demonstrators have taken to the streets of Taiwan's capital city, Taipei:

Large crowds of demonstrators took to the streets of Taipei to protest efforts by the government to approve a trade pact with Beijing and show support for the students who have occupied Taiwan's legislature for nearly two weeks.

Organizers estimated that at least 350,000 people were gathered, as of 2 p.m., on the streets around the Presidential Office Building to express discontent over a pact that would open up dozens of service fields to cross-strait investment. Police counted 116,000 demonstrators by 4 p.m., according to Taiwan's Central News Agency, while some television news stations put the number as high as 700,000.
As the New York Times article quote above explains, a key complaint is the fact that there would be no meaningful scrutiny:
While many demonstrators are opposed to the service trade pact, the most widely held complaint was that the measure has not been sufficiently examined. A poll before the occupation of the legislature indicated that more than 70 percent of respondents supported a line-by-line review of the pact.
That line-by-line review is precisely what granting "fast track authority" to the White House and USTR would make impossible for TPP and TTIP; instead, Congress would have a single "yes" or "no" vote on whether to accept one or both. The ACTA demonstrations in Europe led to the agreement being rejected by the European Parliament two years ago; now it looks like the Taiwanese authorities have also admitted defeat:
On Saturday, [Taiwan's President] Mr. Ma attempted to respond to some of the students' demands, saying he would back an itemized review of the trade pact and a law that would allow the legislature to more closely monitor agreements with Beijing.
In the light of the massive protests that swept through Europe in 2012, and those now filling the streets of Taipei, both of which were triggered by the refusal to allow any meaningful scrutiny of trade agreements that would have major consequences for everyday life, the question has to be: do the USTR and European Commission really want to run the risk of repeating that experience by pushing through TPP and TTIP in exactly the same undemocratic manner?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

14 Comments | Leave a Comment..

Posted on Techdirt - 31 March 2014 @ 3:33am

USTR Starts To Panic Over Calls To Take Corporate Sovereignty Out Of TAFTA/TTIP

from the is-that-the-best-you've-got? dept

The pressure is really building on the US and EU over the corporate sovereignty provisions in TAFTA/TTIP. As we reported back in January, the European Commission has put on hold the negotiations for the investor-state dispute settlement (ISDS) chapter while it conducts a public consultation on the subject. The USTR seemed to be trying to tough it out, but it has finally cracked and released what it calls "The Facts on Investor-State Dispute Settlement: Safeguarding the Public Interest and Protecting Investors" in an attempt to bolster support for the idea. Its mere existence shows that the USTR is worried about losing the ISDS argument in the court of public opinion, and the answers, many of which are misleading or downright wrong, confirm this. Here's the rationale for releasing the document:

There are a lot of myths out there suggesting that ISDS somehow limits our ability -- or our partners' ability -- to regulate in the interest of financial stability, environmental protection, or public health. Some have even suggested that a company could sue a government just on the grounds that the company isn't earning as much profit as it wants.

These assertions are false.
The USTR gives some context for corporate sovereignty provisions:
Over the last 50 years, nearly 3,200 trade and investment agreements among 180 countries have included investment provisions, and the vast majority of these agreements have included some form of ISDS. The United States entered its first bilateral investment treaty (BIT) in 1982, and is party to 50 agreements currently in force with ISDS provisions.
Although that seeks to give the impression that corporate sovereignty is absolutely standard and nothing to worry about, what it omits to mention is that the vast majority of those 3,200 trade agreements have been one-sided: they have been about rich, Western nations investing in poor developing ones. As such, ISDS has been a means for the former's corporations to bully the latter, who are powerless to object, since they are desperate for foreign investment, and must accept the terms imposed on them.

Contrast this with TAFTA/TTIP. For the first time, a trade agreement between two massive economic powerhouses will involve corporate sovereignty. That means that US corporations will be able to sue the EU and its member states, but also that EU corporations will be able to sue the US. The scale of the threat is unprecedented: there are 75,000 cross-registered companies with subsidiaries in both the EU and the US that could launch ISDS attacks under TTIP. This is totally unlike any of those 3,200 trade agreements the USTR mentions.

There then follow the eight "facts you should know about ISDS provisions under U.S. trade agreements". According to the USTR these:
1. Provide basic legal protections for American companies abroad that are based on the same assurances the United States provides at home.

Investment protections are intended to prevent discrimination, repudiation of contracts, and expropriation of property without due process of law and appropriate compensation. These are the same kinds of protections that are included in U.S. law. But not all governments protect basic rights at the same level as the United States. Investment protections are intended to address that fact.
So by its insistence on ISDS in TAFTA/TTIP, is the US saying that the EU does not offer "the same kinds of protections that are included in U.S. law"? Seriously?
2. Protect the right of governments to regulate in the public interest.

The United States wouldn't negotiate away its right to regulate in the best interest of its citizens, and we don’t ask other countries to do so either. Our investment rules preserve the right to regulate to protect public health and safety, the financial sector, the environment, and any other area where governments seek to regulate. U.S. trade agreements do not require countries to lower their levels of regulation.
Well, some people might beg to differ on the first claim there, but leaving that aside, the second claim is easily refuted. As Techdirt reported in October last year, the provincial government of Quebec in Canada is being sued over a moratorium on fracking it brought in to allow time for scientific studies of the potential impact. That was under the North American Free Trade Agreement (NAFTA), which includes ISDS, and is a clear case of environmental protection being threatened by corporate sovereignty.
3. Do not impinge on the ability of federal, state, and local governments to maintain (or adopt) any measure that they deem necessary.

Under our investment provisions, no government can be compelled to change its laws or regulations, even in cases where a private party has a legitimate claim that its basic rights are being violated and it is entitled to compensation.
Although that's true, it misses the point, which is that the mere threat of being sued under ISDS causes governments to drop legislation before it is even introduced. Here, for example, is what happened in Canada under NAFTA in this regard:
Carla Hills, the US Trade Representative who oversaw the NAFTA negotiations for Bush I and now heads her own trade-consulting firm, was among the very first to play this game of bump-and-run intimidation. Her corporate clients include big tobacco--R.J. Reynolds and Philip Morris. Sixteen months after leaving office, Hills dispatched Julius Katz, her former chief deputy at USTR, to warn Ottawa to back off its proposed law to require plain packaging for cigarettes. If it didn't, Katz said, Canada would have to compensate his clients under NAFTA and the new legal doctrine he and Hills had helped create [ISDS]. "No US multinational tobacco manufacturer or its lobbyists are going to dictate health policy in this country," the Canadian health minister vowed. Canada backed off, nevertheless.

A former government official in Ottawa told me: "I've seen the letters from the New York and DC law firms coming up to the Canadian government on virtually every new environmental regulation and proposition in the last five years. They involved dry-cleaning chemicals, pharmaceuticals, pesticides, patent law. Virtually all of the new initiatives were targeted and most of them never saw the light of day."
The "facts" continue:
4. Do not expose state or local governments to new liabilities.

Under our Constitution and laws, investors frequently exercise their rights in U.S. courts. For example, in recent years, the U.S. government has defended hundreds of cases in U.S. courts under the Constitution's "takings clause," which requires compensation for expropriations. State and local governments have likewise defended many such claims. By contrast, the United States has only been sued 17 times under any U.S. investment agreement and has never once lost a case.
As well as confirming that ISDS tribunals are quite unnecessary, since US courts can be used instead, this overlooks the fact that the US has never had ISDS clauses in agreements with nations where large numbers of well-resourced corporations were able to take advantage of them. The EU has thousands of companies who can -- and will -- sue once they get the opportunity.
5. Provide no legal basis to challenge laws just because they hurt a company' profits.

Our investment rules do not in any way guarantee a firm’s rights to any profits or to its projected financial outcomes.
A year ago, we wrote about Eli Lilly suing Canada under NAFTA for "indirect expropriation" of future profits. That case hasn't been adjudicated yet, but obviously some company lawyers think NAFTA does indeed allow challenges just because projected financial outcomes suffer.
6. Include strong safeguards to deter frivolous challenges to legitimate public interest measures.

The United States has proposed additional safeguards that include stricter definitions than are in most investment agreements of what is required for successful claims, as well as mechanisms for expedited review and dismissal of frivolous claims, payment of attorneys' fees, consolidation of duplicative cases, and transparency.
If the US thinks its ideas are so good, it should publish them. After all, there's nothing confidential there -- what possible reason is there to discuss them behind closed doors?
7. Ensure fair, unbiased, and transparent legal processes.

The United States is committed to ensuring the highest levels of transparency in all investor-state proceedings.

...

8. Ensure independent and impartial arbitration.

Investor-state arbitration is designed to provide a fair, neutral platform to resolve disputes.
These are more aspirations than "facts" The reality is very different, as is evident from the official United Nations Conference on Trade And Development (UNCTAD) report on the reforming corporate sovereignty chapters, published in June last year (pdf), which contradicts the USTR's assertions that everything is just fine by noting:
Concerns with the current ISDS system relate, among others things, to a perceived deficit of legitimacy and transparency; contradictions between arbitral awards; difficulties in correcting erroneous arbitral decisions; questions about the independence and impartiality of arbitrators, and concerns relating to the costs and time of arbitral procedures.
As the above indicates, the USTR's defense of corporate sovereignty is weak in the extreme. If these "facts" are the best it has got, it's easy to see why ISDS is in such trouble and likely to be dropped from TAFTA/TTIP.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

37 Comments | Leave a Comment..

Posted on Techdirt - 28 March 2014 @ 12:01am

Latin American Revolution: Chile's New Government Wants To Open Up TPP

from the el-pueblo-unido dept

Last year, the US government was adamant that TPP would be finished by the end of 2013. And yet here we are, well into 2014, with no sign that things are anywhere near completion. That slippage is more than just embarrassing: it could have major implications for the treaty. TPP has dragged on for so long there's a new President in Chile, Michelle Bachelet, and she's more doubtful than her predecessor about the value of TPP to her country and its people.

Those doubts are starting to make themselves felt. In a recent speech (original in Spanish), Bachelet said that she wanted Chile to regain its role as a promoter of Latin American integration. That would represent a turning away from TPP, which is based on the Pacific Rim, and only includes two three other countries from Latin America -- Mexico, Colombia and Peru. In an interview with El Mercurio, Bachelet's new Minister for External Relations, Heraldo Muñoz, echoed this policy shift by emphasizing the importance of improving his country's relations with Brazil and Argentina. He also revealed some of Chile's new thinking on TPP (original in Spanish):

"In my meeting with [USTR] Michael Froman, I expressed Chile's position, which is to examine the content of the [TPP] negotiations with care, and to act transparently. We are going to consult with businesses, with civil society, so that these aren't closed negotiations. In addition, I said to Froman that Chile has sensitive areas where we are not prepared to go beyond the FTA [free trade agreement] with the US. There are areas such as intellectual property, the regulation of state-owned companies, or the Central Bank, which are red lines for us."
The theme of transparency was picked up in another interview, this time with the new director of Chile's Department of International Economic Relations, Andrés Rebolledo, which appeared in La Segunda (original in Spanish):
"We received some criticism (for how the [TPP] negotiations were conducted previously) and it appeared to us that there's an important opening for creating greater transparency with the various stakeholders who are involved and who are interested in the negotiations."
Rebolledo aims to do this by creating a new advisory group, which will include not just business interests, but also NGOs and other civil society groups:
We will establish a dialog with them and we are going to hand over elements of the negotiations -- those which are on the table, and of interest.

For us, as the government, it's beneficial from the perspective that we will obtain inputs that will help us better conduct the negotiations.
For TPP, whose negotiations have been some of the most secretive ever, with almost no real transparency, the plans of Chile's new President are not just a breath of fresh air, they are little short of revolutionary.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2014 @ 10:03am

German Court Says Creative Commons 'Non-Commercial' Licenses Must Be Purely For Personal Use

from the YMMV dept

Creative Commons licenses have been hugely successful in allowing people to share their creations in ways otherwise impossible using traditional copyright monopolies. But one problem remains unresolved: what exactly does the "non-commercial" license allow you to do? This lack of clarity has led various people to advocate avoiding the use of CC-NC. Back in 2012, Techdirt reported on a call to drop completely both the non-commercial and the no-derivatives licenses. In the same year, a group of German copyright experts released in collaboration with Wikimedia a document entitled "Consequences, Risks, and side-effects of the license module Non-Commercial -- NC", which was made available in an English translation the following year (PDF).

Now a German court has weighed in on the subject, with interesting results (original in German.) The case concerned the use of a photo from Flickr, released under a CC-BY-NC license. The photo appeared on the Web site of Deutschlandradio, part of the German public broadcaster -- a non-commercial organization, that is. Alongside the photo, Deutschlandradio's Web site included the name of the artist, the license, and a link to its terms. Despite this, the photographer demanded 310 Euros plus costs on the grounds that Deutschlandradio had used the photo for commercial purposes.

The public broadcaster pointed out that there was no charge for its Web site, there was no advertising, and no sponsorship. Nonetheless, the judge agreed it should be treated as a commercial use. In coming to this view, the judge drew on German law, which defined "non-commercial" as purely for personal use, and excluded all commercial use in the "generally accepted sense", and that apparently included radio stations, irrespective of how they were funded.

As this underlines, quite what "non-commercial" means is likely to vary from country to country, and possibly even judge to judge. Yet another reason to avoid using CC-BY-NC altogether.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

36 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2014 @ 12:07am

Brazil's 'Marco Civil' Internet Civil Rights Law Finally Passes, With Key Protections Largely Intact

from the leading-the-world dept

We first wrote about Brazil's 'Marco Civil' back in October 2011, when we described it as a kind of "anti-ACTA". That's because it was designed to protect online rights, not diminish them, and was the product of a democratic and transparent process, not of secret corporate lobbying. As Global Voices explains:

the bill was developed through a uniquely open public process. Over the course of several months in 2009 and 2010, citizens were invited to contribute suggestions and criticism to an early draft of the bill using an open online platform. Nearly 2,000 people participated in the process -- the bill was substantially revised and re-shaped to reflect public concern. As one popular meme (below) put it, the Marco Civil "does not belong to a [political] party. It belongs to Brazilians."
Precisely because it was not yet another corporate wishlist, but sought to enshrine fundamental user rights, it was fiercely attacked by an array of industries. In November 2012, it looked like Marco Civil had been killed off by the lobbyists, but in 2013 it showed signs of life again. Now comes the good news that it has finally passed a key vote in Brazil’s Chamber of Deputies; significantly, digital activism once more played a crucial role:
#EuQueroMarcoCivil – "I want Marco Civil." It was with this hashtag that Brazilians and supporters around the world pushed mightily yesterday for the passage of the Marco Civil da Internet, the unprecedented "Constitution" or "Bill of Rights for the Internet" that has been brought to Brazil's Chamber of Deputies nine times since 2012. Late in evening, the Chamber approved the one-of-kind bill that ensures fundamental rights of free expression and privacy online.

Throughout the day, Twitter users touted the bill's many safeguards for fundamental user rights to free expression, privacy, and access to information using the #MarcoCivil and #EuQueroMarcoCivil hashtags. In Brasilia, the nation's capital, supporters voiced their support using signs, t-shirts, and other creative methods.
As an article on infojustice.org notes, although not perfect, it's a great result:
Considering how terrible some of the proposed amendments to Marco Civil were, the approved text is largely positive. It is definitely not the ideal version of law. But it is a much better one than expected, and probably the best possible outcome given the existing political limitations.
Here's infojustice.org's summary of the Marco Civil's main features:
Data retention

Brazil was dangerously close to establishing a period of 5 years of mandatory data retention before discussions on Marco Civil began. Unfortunately, the bill still has provisions to that effect, but the period is much shorter for ISPs providing connectivity services (1 year).

...

Net neutrality Brazil has taken a major step forward in preserving net neutrality, following the example set by countries such as Chile and the Netherlands. Marco Civil establishes the general principle that net neutrality should be guaranteed, and further regulated by a presidential decree, with inputs from both the Brazilian Internet Steering Committee (CGI.br) and ANATEL, the national telecommunications agency.

Intermediary liability One of the main provisions of Marco Civil deals with the difficult subject of intermediary liability due to content uploaded by third parties. The system in Marco Civil establishes that intermediaries can only be held liable if they do not comply with a court order explicitly demanding content to be removed. This regime, however, is not applicable to copyright infringement, which will be dealt with by the forthcoming copyright reform bill.

Privacy After the Snowden leaks, a small number of privacy provisions were included in Marco Civil (the main privacy and data protection bill under development has yet to be sent to Congress). The main proposal was extremely controversial: forcing Internet companies to host data pertaining to Brazilian nations within Brazilian territory. Broadly rejected by civil society, engineers, companies, and several legislators, the proposal was dropped by the government so that voting could take place.

Rights and principles Marco Civil establishes a strong, forward-looking assertion of rights and principles for Internet regulation in Brazil: freedom of expression, interoperability, the use of open standards and technology, protection of personal data, accessibility, multistakeholder governance, open government data.
Although it must still go to Brazil's Federal Senate for consideration, before returning to the Chamber of Deputies and then being sent to the Brazilian President for her signature, the bill is essentially passed. As the above summary makes clear, the Marco Civil is an extremely wide-ranging law, and arguably the best of its kind anywhere in the world -- an extraordinary achievement given its unusual origins and the lobbying firepower ranged against it. Global Voices comments:
In a moment when censorship, surveillance, corporate greed and government corruption seem to dominate the world of digital rights, a victory like this one can bring hope to those working to improve user protections worldwide.
The people who made this happen are to be congratulated on the victory, gained thanks to their unstinting hard work over the last few years. If only more of us could look forward to the protections the Marco Civil will provide.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

20 Comments | Leave a Comment..

More posts from Glyn Moody >>