EU politicians want Europe’s next big digital law to tackle micro-targeted advertising, by regulating or even banning it

The EU’s next big digital law, the Digital Services Act (DSA) would update the EU’s e-commerce directive – which hasn’t been touched since 2000. Recommendations for the soon to be drafted laws have been made in reports by specialist committees within the European Parliament. Looking at those reports, we can see that the EU is planning to go after micro-targeting advertising from multiple angles and we might expect to see a GDPR level internet-wide change as a result of the DSA.

German authorities want large porn sites to implement age verification or be blocked via DNS

The persistent efforts of a German State Media Authority director named Tobias Schmidt has succeeded in bringing the age verification for porn sites discussion to the forefront of his country. Schmidt has been battling internet service providers to implement DNS blocks on sites that do not comply with the age verification requirements. In fact, the requirements are only being levied on a handful of sites and will damage existing leaders in the space but do nothing to stop German access to pornography.

Urban surveillance in The City of Angels: Watch out for the eyes in the sky

The Los Angeles Police Department (LAPD) recently obtained approval to start recording and storing the aerial surveillance footage captured by the department’s fleet of helicopters. When combined with aircraft mounted mobile device surveillance Stingrays known as Dirtboxes, this means that police in the LA area are capable and routinely conducting aerial surveillance that can provide video and device generated evidence that an individual was at a certain location at a certain time.

More Privacy News This Week:

Spy agency ducks questions about ‘back doors’ in tech products

The NSA has been giving Congress and specifically Senator Ron Wyden of the Senate Intelligence Committee the runaround. Wyden’s office has been seeking to find out whether the NSA actively implants backdoors in the technology used by the world. Wyden told Reuters: “The government shouldn’t have any role in planting secret back doors in encryption technology used by Americans.” The NSA responded in typical fashion: that they could neither deny nor confirm and that they don’t talk about their processes and procedures for national security reasons.

True, the social networking app that promises to ‘protect your privacy,’ exposed private messages and user locations

The social networking app left a server exposed on the internet that exposed private user data for the entire world to see.  True is made by Hello Mobile, a MVNO that uses the T-Mobile network. The unprotected server was discovered by Mossab Hussein from the Dubai-based firm SpiderSilk. Nothing on the server was encrypted, and the information on the server could even be used to hijack accounts live. Needless to say, privacy was not protected.

Europeans Hope for Better Ties With U.S. on Data Privacy After Election

European regulators and experts eagerly awaited the results of the U.S. 2020 election because it will significantly impact data privacy regulations and their prerequisite negotiations beforehand. With the Privacy Shield framework for cross-Atlantic data transfers of personal information has been invalidated, what is worked out on both sides of the ocean to replace it remains to be seen, and will have far reaching consequences.

Brought to you by Private Internet Access

Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

Special thanks to Intego

Thank you to Josh Long, our cybersecurity correspondent from Intego, makers of award-winning security software.

The post Privacy News Online | Weekly Review: November 6, 2020 appeared first on Privacy News Online by Private Internet Access VPN.

Germany to porn sites: Implement age verification or be blocked

The German authorities are specifically targeting a handful of larger porn sites to push age verification – or blocks – on. It all came to a head when internet service providers (ISPs) in Germany including Vodafone and Deutsche Telekom refused to set up voluntary DNS blocks, and now German authorities are in the process of legally forcing it on ISPs. All this, to pressure certain porn sites to implement age verification technology – which the UK has already shown just won’t fly. The thing is, such actions wouldn’t reduce access to porn for anyone. The Vice President of xHamster, Alex Hawkins, explained to Motherboard:

“Protecting minors from adult content found online is a positive idea. And one that everybody should stand behind. But what is happening here instead is an attempt to censor a few of the big adult industry market players, leaving hundreds of smaller adult websites unsupervised. We have been selectively asked to restrict access by implementing AV [Age Verification]. What would a user do in this case? A user would simply choose another free (not subject to AV) website. Will such an approach protect minors? Hardly. The majority of users would opt for another adult website without AV.”

Even in a possibly near dystopian future where popular porn sites like Pornhub are blocked by German ISPs, the myriad smaller ones would still be accessible. Even if those were somehow blocked – and there’s little indication that they would be – porn would still be available.  Emily van der Negal, the author of the book Sex and Social Media, told Motherboard:

“You can’t stop people from being horny. Pornhub doesn’t own porn. People, including teenagers, will find somewhere to access adult material. If there’s anything we’ve learned in the past few years, it’s that porn will always find a way.”

As graffiti art with 4 numbers and 4 punctuation points has shown, DNS blocks aren’t that hard to bypass. Even if Germany forces ISPs to upgrade the blocks, VPN use can allow German netizens to use the internet from a more free jurisdiction. Make no mistake, these attempts to make porn sites play ball are tangible steps down the slippery slope of censorship.

The post German authorities want large porn sites to implement age verification or be blocked via DNS appeared first on Privacy News Online by Private Internet Access VPN.

at least 13 countries have adopted or proposed models similar to the NetzDG matrix. According to Freedom House’s Freedom on the Net (2019), five of those countries are ranked “not free” (Honduras, Venezuela, Vietnam, Russia and Belarus), five are ranked “partly free” (Kenya, India, Singapore, Malaysia and Philippines), and only three ranked “free” (France, UK and Australia). Most of these countries have explicitly referred to the NetzDG as a justification for restricting online speech. Moreover, several of these countries, including Venezuela, Vietnam, India, Russia, Malaysia, and Kenya, require intermediaries to remove vague categories of content that include “fake news”, “defamation of religions”, “anti-government propaganda” and “hate speech” that can be abused to target political dissent.

One more can now be added to the list. Turkey has just passed what the Electronic Frontier Foundation calls “the worst version of Germany’s NetzDG yet“. Although it’s unfortunate that a regional leader like Turkey has brought in this law, it’s hardly a surprise. Turkey has a terrible record for freedom of speech: it is ranked 154th out of 180 countries in the RSF 2020 World Press Freedom Index. In 2018, its courts blocked access to around 3000 articles, including those on political corruption and human rights violations. Turkey has a track record of repeatedly blocking online companies like Facebook, YouTube and Twitter. Its government also brought in a VPN ban, and blocked the whole of Wikipedia.

One reason for these continuing attacks on freedom of speech is that Turkey’s President, Recep Tayyip Erdogan, is notoriously thin-skinned. For example, a Turkish citizen who simply shared a meme comparing Erdogan’s facial expressions with Gollum from “Lord of the Rings” was not only hit with a suspended sentence, but lost custody of his children. The new censorship law also seems to have been brought in partly for personal reasons, as Al Jazeera reports:

President Recep Tayyip Erdogan, who has greatly concentrated powers into his own hands during 17 years in office, pledged this month to bring social media platforms under control following a series of tweets that allegedly insulted his daughter and son-in-law after they announced the birth of their fourth child on Twitter. At least 11 people were detained for questioning over the tweets.

The new law was passed extremely quickly: barely a month passed from its announcement to its approval.

The EFF has provided a good summary of its main features. They include requiring social media platforms that have more than two million daily users to appoint a local representative in Turkey. This is similar to the approach taken by Brazil in its new “fake news” law, discussed by Privacy News Online a few weeks ago. The penalties for failing to do so can be steep: they include advertisement bans, heavy financial penalties, and bandwidth reductions. The legislation allows Turkish courts to order Internet providers to throttle social media platforms’ bandwidth by up to 90%, in effect blocking access to those sites. Once local representatives are in place, they are responsible for blocking or taking down content when ordered to do so by the Turkish government.

Social media companies will also be required to remove content that allegedly violates “personal rights” and the “privacy of personal life” within 48 hours of receiving a court order, or face steep fines. Measures to protect privacy are to be welcomed, generally; however, these sound dangerously vague. It’s easy to imagine them being abused by the rich and powerful who want true but embarrassing material removed. Another requirement is for social media platforms to store user data locally. It is likely that Turkish authorities will use this to demand details about people posting items that displease Erdogan, for example. In order to avoid that risk, many Turkish social media users will probably prefer to engage in self-censorship, which is doubtless the outcome the authorities want here.

Freedom of speech in Turkey has been under attack for years, and the new law is likely to exacerbate the existing problems. Given Erdogan’s grip on power, there’s not much that can be done about that for the moment. The worry has to be that if these new measures choke off online dissent in Turkey, as seems likely, it will encourage other repressive governments to adopt a similar approach elsewhere.

Featured image by Mstyslav Chernov.

The post Turkey takes Germany’s “hate speech” law, and makes it much worse with its own censorship and data localization rules appeared first on Privacy News Online by Private Internet Access VPN.

Featured: Privacy News Online – Week of July 17th, 2020

France passes legislation to block adult websites that don’t comply with new age verification framework

A recently passed bill in the French Parliament will create an age verification framework for those seeking to access adult content on the internet. While the specifics of how users would prove their age to websites hasn’t been specified, there have been talks of using credit card numbers or even government identifiers to verify age, which would also create a database of who watches porn online. The government will also be able to order internet service providers to block sites that don’t comply.

Read more: https://www.privateinternetaccess.com/blog/france-passes-legislation-to-block-adult-websites-that-dont-comply-with-new-age-verification-framework/

New German law would force ISPs to allow secret service to install trojans on user devices

A new law in Germany would allow the government’s intelligence agencies and law enforcement to work with internet service providers to install trojans on user devices. Germany has already had success in the past working with phone companies to use trojans on peoples’ smartphones, and now they want to be able to infect all internet connected devices. Since the law is expected to pass without any privacy preserving amendments, many organizations are already preparing to file suit against Germany’s state sponsored trojan plan for being unconstitutional.

Read more: https://www.privateinternetaccess.com/blog/new-german-law-would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/

Brazil plans to bring in a “fake news” law, with serious implications for everyone’s privacy, no matter where they live

A new fake news law is expected to pass in Brazil and despite last minute amendments, the privacy implications are still huge. The law seeks to tie real identities to online identities and create accountability for those sharing fake news via chain forwarding. The new law requires large social media platforms and private messaging apps such as Facebook and WhatsApp to grant Brazil access to the main user database when asked. The new fake news law will likely be challenged under Brazil’s new privacy laws.

Read more: https://www.privateinternetaccess.com/blog/brazil-plans-to-bring-in-a-fake-news-law-with-serious-implications-for-everyones-privacy-no-matter-where-they-live/

More Privacy News This Week:

Hackers breached A1 Telekom, Austria’s largest ISP

The internet service provider admitted this past week that they had been battling with hackers on their network since November of 2019. A1 claims that no sensitive customer data was stolen during the half year that they were breached; however, this is unlikely to be true. The whistleblower that revealed A1’s breach noted that the hackers were able to look up specific information on A1 customers and had downloaded lots of data. The whistleblower believes that the attack was carried out by a Chinese government backed hacking group.

Read more: https://www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/

15 Billion Credentials Currently Up for Grabs on Hacker Forums

According to a new report by the Digital Shadows Photon Research Team, the total amount of usernames and passwords for sale in the dark corners of the internet number over 15 billion. This is the culmination of over 100,000 data breaches and credentials are beings old for an average of $15.43. The average price of credentials to access financial institutions is understandably higher – at over $70. The sheer number of exposed account credentials should remind users of the importance of not reusing passwords.

Read more: https://threatpost.com/15-billion-credentials-currently-up-for-grabs-on-hacker-forums/157247/

US Secret Service creates new Cyber Fraud Task Force

The Secret Service is merging its Financial Crimes Task Force with its Electronic Crimes Task Force to create the new Cyber Fraud Task Force. As the name suggests, the CFTF will work to investigate internet based financial crimes ranging from ransomware to data breaches and business email hacks. The new task force is being mobilized in the Secret Service’s domestic and international offices and will focus on the growing threat of transnational cybercrime.

Read more: https://www.bleepingcomputer.com/news/security/us-secret-service-creates-new-cyber-fraud-task-force/

Brought to you by Private Internet Access

Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service. Sign up now and get 2 months FREE!

The post Privacy News Online | Weekly Review: July 17, 2020 appeared first on Privacy News Online by Private Internet Access VPN.

“the redirected data should remain intended for forwarding to the addressee after the measure has been carried out.”

Germany wants to be the man in the middle

The state sponsored trojans would likely be utilizing software called FinFly ISP from a company called FinFisher which has already been used by German law enforcement in the past. FinFisher claims to be able to inject trojans on target devices from the ISP level with ease::

“FinFly ISP is able to patch files that are downloaded from the destination on-the-fly or to send fake software updates for popular software.”

FinFly ISP has been around for almost a decade and a 2011 advertising brochure available via WikiLeaks emphasized that their software has already been used:

“A secret service used FinFly ISP in the network of the most important national Internet service provider. It was sufficient that the system only knew the target person’s log-in information into the provider network in order to install a remote monitoring solution on their computer and monitor them from there.”

Amnesty International noted that this vector of trojan insertion has been previously used on a Morrocan journalist by the NSO Group.

Germany has a long history of government malware use

The BKA (Germany’s Federal Criminal Police Office) has previously been using trojans on individual smart phones as a way to have access to encrypted communications before they are encrypted. It’s important to remember that all the encryption in the world is useless if your device is compromised and clear text can be accessed before it becomes end-to-end encrypted. The same holds true if there happens to be a camera behind your screen that can see what you’re typing. Hell, even the changes in the gyroscope/accelerometer in your smartphone can be used to derive what your PIN or password is. We can infer that the BKA has seen success with their trojan use and now are seeking to install hardware in the datacenters of ISPs that would allow them to send these trojans to new smartphones, computers, and other devices during an update.

This law will and should be challenged for constitutionality

Many groups including the Society for Freedom Rights are already filing suit against the government for their use of trojans and plan to bring a constitutional challenge if this expansion of state trojan use comes to pass. Even the ISPs themselves are not happy with this development, citing a fundamental loss of trust. Bitkom, a group which counts Germany’s top ISPs as members commented that the project:

“fails to recognize the enormous risks to the overall network integrity of the providers and the associated loss of trust.”

The proposed law is already the result of lots of back and forth within the government and many expect it to pass when it is presented to Germany’s congressional body, the Bundestag, after next week. Germany has long been seeking this state trojan power to read encrypted messages with government malware and otherwise control target devices for years now and the fight is finally coming to a head. Notably, Germany’s top court recently ruled that constitutional protections on internet activity stemming from the right to privacy extend to non-Germans, as well; however, the use of trojan software to “support the diversion of telecommunications” seems to be a clear step in the opposite direction, even if it is only used under warrant.

The post New German law would force ISPs to allow secret service to install trojans on user devices appeared first on Privacy News Online by Private Internet Access VPN.

Australia has persisted with its own approach, which has also not been a great success: the app has failed to detect a case despite 6 million downloads. Australia is not the only one that has chosen to forgo help from Apple and Google. France, too, has taken this route. A recent vote in the French parliament cleared the way for it to be released to the public, and the government there claims things are off to a good start. However, it’s not yet known how well this system is working.

Some have argued that the US tech giants are dictating to countries how they can trace contacts, and that the centralised/decentralised debate is the wrong one:

In the manual version [of contact tracing] authorities do not reveal the identity of the infected person, be they a bus driver or a secret lover, nor do they explore the nature of the contact. The same approach ensuring privacy and data security can be achieved in the digital world. It does not have to be a binary choice. The data collected and used for a limited time by the national disease-control body in a democratic country does not have to be shared with law enforcement or sold to a third-party advertiser – as is true for all data gathered manually.

Of course, that assumes that national authorities can be trusted not to share highly personal data with the police or companies – not the easiest thing to accept these days.

Germany, by contrast, has been firmly in the Apple-Google camp for a while, after initially planning its own app. Now, it is well ahead of not just France, but Italy too, in rolling out its contact tracing app to millions of its citizens:

With 6.5 million users, the app has been taken up by about 7.8% of the German population in 24 hours. In contrast, the French StopCovid app was downloaded by 2% of the population since it was released at the start of the month. And just over 3.5% of Italians have taken up Immuni in the two weeks since the launch of the app.

Germany’s app is open source, as are those in many other countries, including Austria, Australia, Czech Republic, India, Italy, and Singapore. Denmark’s isn’t, and the Free Software Foundation Europe says it should be. That’s because it believes all software should be made freely available as a matter of principle. But in this case, privacy concerns also dictate that code dealing with sensitive personal data should be open to scrutiny.

One advantage of using the Apple-Google framework is demonstrated by the fact that Georgia, a nation of just 3 million people, was able to roll out its own contact tracing app quickly. It is already in use and has located people who were infected. Another potential benefit – not yet realized – is that contact tracing apps could be made compatible between different country systems, if they use the Apple-Google framework, which most do now. That’s particularly important for countries that are part of the EU, where freedom of movement is a key benefit. A requirement to download a different contact tracing app for each of the 27 member states is clearly impractical. Once the basic functionality has been sorted out, interoperability is likely to become a key issue for EU nations. That, in its turn, could create a de facto global standard, since non-EU countries may well choose to make their apps compatible with the EU version in order to enable their citizens to travel to the region without needing to install a new contact tracing app.

As well as writing apps that work, another major hurdle is getting people to use them – the more, the better. Germany has been very successful in this, others less so. In this regard, there’s a new problem on the horizon: infections have fallen to a low level in many countries, so the probability of coming into contact with an infected person is now very small. As a result, many people may see little benefit in installing the apps. That’s been the case in Norway, where privacy concerns coupled with minimal benefit have led to the data collected being deleted.

After the initial flurry of announcements earlier this year about contact tracing apps, and how they were vital tools to help stop the spread of the coronavirus, it’s clear that they will play only a minor role in countries with relatively low rates of infection. For places with large numbers of infections – or during second waves, for example – they could help people to self-isolate after being near infected individuals, without requiring direct intervention from medics who may be struggling to respond to the flood of cases. That means these apps are still worth having, especially given the relatively small cost of developing them – provided privacy issues are dealt with properly.

Featured image by SuperFantastic.

The post After exaggerated claims about their importance, here’s the reality of contact tracing apps appeared first on Privacy News Online by Private Internet Access VPN.

One of the first major laws against hate speech came from Germany, which has long grappled with the after-effects of its troubled past. From 1 January 2018, any Internet platform with more than 2 million users must have effective ways to report and delete potentially illegal content. As Deutsche Welle wrote at the time:

As of Monday, content such as threats of violence and slander must be deleted within 24 hours of a complaint being received, or within seven days if cases are more legally complex. The companies are also obliged to produce a yearly report detailing how many posts they deleted and why.

If the deadlines are breached, companies can be fined up to €50 million ($60 million), and people can report violations to Germany’s Federal Office of Justice (BfJ), which has made an online form available for the purpose.

The new law, known as NetzDG (short for “Netzwerkdurchsetzungsgesetz”, or network enforcement law), was fiercely opposed by digital rights groups, but in vain. David Kaye, the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, also voiced his concerns. He worried that the new law would harm not just anonymous expression, but also privacy, because of a requirement to store and document material that was taken down:

By requiring complaints and measures to be documented and stored for an undisclosed amount of time, without providing further protection mechanisms against the misuse of such data, individuals become more vulnerable to State surveillance. These provisions also allow for the collection and compilation of large amounts of data by the private sector, and place a significant burden and responsibility on corporate actors to protect the privacy and security of such data.

That risk is particularly unfortunate, given Germany’s generally strong record on protecting privacy. As is often the case, once a precedent had been set, others were keen to follow. France began work on a similar law against “contenus haineux” – “hateful content” – in 2019. The law was finally passed in May of this year:

After months of debate, the lower house of Parliament adopted the controversial legislation, which will require platforms such as Google, Twitter and Facebook to remove flagged hateful content within 24 hours and flagged terrorist propaganda within one hour. Failure to do so could result in fines of up to €1.25 million.

But in a surprise development, France’s highest constitutional body, the Constitutional Council, has just struck down most of the law as being incompatible with the French constitution. Politico reported that the court ruled that the new law “undermines freedom of expression and communication in a way that is not necessary, adapted nor proportionate”.

That’s great news for freedom of speech in France, but the judgment’s importance transcends its immediate effect of striking down most of the bad features of this legislation. In particular, the comments by the Constitutional Council underline points made repeatedly by digital rights activists in both Germany and France, but ignored by politicians in those countries. The Court was worried about the difficulty of deciding what is “hateful content” within such a short deadline. It specifically noted the danger that under the new law, companies would have a strong incentive to delete any content that was flagged up to them, whether or not it was lawful. That’s completely different from a meticulous legal process before a judge to decide whether content is legal or not.

Those comments are important, because the European Union is currently working on a new Digital Services Act, which will seek to bring in EU-wide laws addressing important issues that include tackling the removal of unlawful content. Having both the German and French hate speech laws would have been powerful arguments for bringing in something similar for the whole of the EU. Now that the core of the French approach has been ruled unconstitutional, the argument that it is an established practice, and that there are already laws that can be used as a template, no longer holds.

One other comment by the Constitutional Court could prove important in this context. As Politico reports, the French court also said that the “obligations of means for platforms, including requirements to implement procedures, both human and technical, to ensure that notified content was processed as fast as possible” was unconstitutional. That essentially means automated filters, of the kind that the EU Copyright Directive effectively requires to stop unauthorized copyright material being uploaded. It would have been an obvious next step to extend those filters to block “hate” material – even though doing so would have made automated filters even more likely to block perfectly lawful posts. The latest ruling by the French court undermines the argument that general filters of this kind should be adopted under the Digital Services Act – something that is already controversial, in any case.

Featured image by gueluem.

The post Big win for online freedom in EU: key parts of France’s new “hate speech” law ruled unconstitutional appeared first on Privacy News Online by Private Internet Access VPN.

Featured: Privacy News Online – Week of May 29th, 2020

UK’s largest airline, easyJet, reveals January 2020 breach of 9 million customer records

The biggest airline in the United Kingdom, easyJet, has revealed a data breach which affects over 9 million customers. Affected customers had their email addresses and travel details stolen by the hackers. Around 2000 of those customers even had their credit card information stolen. Notably, this breach happened in January of 2020 and while easyJet informed authorities about the breach within 72 hours, it took them 4 whole months before they told affected customers.

Germany’s highest court rules individual right to privacy applies to everyone, even non-Germans

In a win for constitutional right to privacy, Germany’s highest court has ruled that the right to privacy online applies to everyone, even non Germans. Germany’s Federal Court of Justice  has ruled that this right can’t be violated by the country’s intelligence agency known as the BND. The BND used to spy on the internet activity of non-Germans because they aren’t citizens and arguably weren’t covered under the constitution – that is no more. Germany’s surveillance laws will be updated by the end of 2021 to reflect this ruling.

China moves to take full control over Hong Kong with a proposed national security law in China’s National People’s Congress

China is moving to take full control of Hong Kong in contravention of the agreement the PRC agreed to. Instead of letting Hong Kong pass the laws that govern the region, as was agreed to, China is now considering legislation to implement a new national security law for Hong Kong – without input from Hong Kong’s politicians or voters. The move has shaken faith in Hong Kong as a world financial centre. Understandably, pro-democracy protesters are now returning to the streets while the world is watching on with bated breath.

OpenSAFELY: more proof that tackling the coronavirus pandemic does not require privacy to be compromised

Analysis of pseudonymous health information helps fight COVID-19 in the UK and perhaps the whole world. OpenSAFELY is a secure analytics platform that allows health information for COVID-19 analysis that allows the health information of millions of patients be shared without violating their privacy. A new research paper from the United Kingdom highlighted the platform by using the pseudonymized records from 17 million patients to help advance COVID-19 research. This type of analysis, along with decentralized contact tracing applications are the way forward to fight COVID-19 and protect the privacy of citizens simultaneously.

More Privacy News This Week:

Two COVID-19 privacy bills introduced in Congress

The Senate has two new COVID-19 privacy bills to consider this session. The two bills are the COVID-19 Consumer Data Protection Act of 2020 and the Public Health Emergency Privacy Act. These bills endeavor to provide protections for emergency health data collected by third parties during this pandemic. Expert onlookers have their doubts about whether these bills will pass even through committee in their current forms but at least the conversation is going with privacy in mind.

A massive database of 8 billion Thai internet records leaks

AIS, the largest cell data provider in Thailand confirmed this week that they leaked over 8 billion internet records in the last month – while downplaying the privacy implications of the leak. The internet records leak was discovered by security researcher Justin Paine. The leaked information includes DNS queries and Netflow information – which is used by advertising companies to build profiles and identify internet users so there absolutely are privacy implications especially for at-risk internet users such as activists.

Chrome 83 released with enhanced privacy controls, tab groups feature

Google Chrome version 83 includes new privacy and security updates as well as features delayed from version 82. Notable new features include the ability for users to manage and delete cookies on a granular website level. Additionally, it’s now possible to block cookies entirely in Incognito mode and Google has also released an enhanced Safe Browsing mode which checks that the websites you visit are safe. These privacy features show that companies are keen to offer more options to users that care about their privacy.

Brought to you by Private Internet Access

Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service. Sign up now!.

The post Privacy News Online | Weekly Review: May 29th, 2020 appeared first on Privacy News Online by Private Internet Access VPN.

The laws governing the BND will be rewritten such that the BND needs to provide a justification for spying on the internet activity of foreign individuals. The court has ruled that these laws need to be rewritten and reimplemented by the end of 2021. However, the ruling does not ban that practice outright. Before the court’s intervention, the BND was allowed to gather such internet activity, evaluate it and even share it with other countries – for instance the countries where the foreign target resided. The Court stated:

“In particular, the monitoring is not based on sufficient objectives and structured in such a way that they are controllable; there is also a lack of various safeguards, for example to protect journalists or lawyers.”

Germany’s foreign intelligence agency must abide by the constitution

This case was brought before the court by foreign journalists, various organizations within Germany and also the global NGO Reporters Without Borders.

One of the German non profits from the suit, the Society for Civil Rights, told the New York Times:

“The ruling sets new standards in international human rights protection and for the freedom of the press.”

Bijan Moini, a lawyer that represented Reporters Without Borders in the landmark case also commented on how important it is that a foreign intelligence agency now needs to act constitutionally:

“Today’s verdict finally incorporates the BND into the German Constitution. The court sets far-reaching guidelines on how far and deep the service may monitor, how vulnerable groups of people must be protected and independent control must be strengthened.”

Christian Mihr, Director of the Germany arm of Reporters Without Borders also stated to DW:

“The German Constitutional Court has once again underlined the importance of press freedom. We are pleased that (the court) has put a stop to the sprawling surveillance activity of the BND abroad.”

Meanwhile, the United States doesn’t respect internet privacy of even its citizens

Meanwhile, across the pond in Washington D.C., the United States is nowhere near such a constitutional reckoning for the massive privacy violations undertaken by the NSA on citizens, let alone foreign individuals. In fact, Congress is set to vote on the USA FREEDOM Reauthorization Act of 2020 which would renew the Patriot Act and explicitly allow domestic internet activity to be gathered without a warrant. Nevertheless, this internet privacy victory in Germany should serve as a beacon of hope that the rule of law is not just an illusion and that heinous government practices can be curtailed.

Featured image by Steffen Prößdorf shared via CC BY-SA 4.0 License.

The post Germany’s highest court rules individual right to privacy applies to everyone, even non-Germans appeared first on Privacy News Online by Private Internet Access VPN.

Vodafone, Deutsche Telekom, Orange, Proximus, Swisscom, Telefonica, Telecom Italia, Telenet, Telenor, Telia and A1 Telekom Austria, and Windtre

Telecoms are also working with individual countries such as Italy, Austria, Switzerland, and Belgium to provide this data for virus tracking purposes. In Germany, the information is being shared with the Robert Koch Institute, Germany’s CDC. A Deutsche Telekom spokesperson told Die Welt:

“With this we can model how people are moving around nationwide, on a state level, and even on a community level.” 

But wait, aren’t there privacy laws against that?

The allegedly anonymized and aggregated data being provided by these telecoms doesn’t fall under the purview of EU’s data protection laws – which have been lauded around the world as being some of the best. Max Schrems, a well known privacy advocate in Austria, told Reuters:

“As long as the data is properly anonymized this is clearly legal.”

There-in lies the crux of telecoms sharing supposedly anonymized data with the government. De-anonymization of large data sets is a real, proven problem. The European Data Protection Supervisor (EDPS) has stated that no privacy laws are being breached – as long as there are safeguards. The EDPS head, Wojciech Wiewiorowski, wrote in a letter:

“The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstanding. […] It would also be preferable to limit access to the data to authorised experts in spatial epidemiology, data protection and data science.”

While it is easy to imagine the potential good that such data could do for public health, it is hard to do so without also imagining the possibility of deanonymization of the data set and other privacy issues. As Benjamin Franklin once wrote:

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

It doesn’t matter that Franklin wrote this quote in an entirely different context, the adage is astutely accurate in this time of expanding government surveillance powers under the guise of better science and crisis management.

A potential new norm that is not good for privacy: Telecoms sharing “anonymized” location data with governments

The main concern being voiced by privacy advocates such as Edward Snowden is that governments are unlikely to give up such access after the crisis is over once they’ve gotten a taste of the new power. Wiewiorowski also wrote:

“The EDPS often stresses that such developments usually do not contain the possibility to step back when the emergency is gone. I would like to stress that such solution should be still recognised as extraordinary.”

Even if the situation is recognized as extraordinary, the mere fact that it . Words mean little compared to actions, and now that this privacy breaching action has been taken, the seal has been broken as they say. The next time a slightly less. How long will it be before supposedly anonymized location data is sent to governments by telecoms on a yearly basis to combat the seasonal flu? It’s hard to put the cat back in the bag once it is out; make no mistake, it is currently raining cats and bags and the forecast calls for even more privacy violations.

The post Telecoms across Europe are sharing phone location data with governments as a result of the COVID-19 pandemic appeared first on Privacy News Online by Private Internet Access VPN.