The Commission launched a first press cycle in August, which is a quiet news month, where journalists have difficulty finding stories. It informally fed the story to the Financial Times, with no detail, about how it was going to “get tough” (again!) on internet companies. That caused a press cycle that reflected the Commission’s spin with no other information available from other sources.

Then, on 12 September, the Commission is expected to launch the proposal, using Commission President Juncker’s “state of the union” speech to distract the public attention from anything but the most superficial details. We expect the Commission to overwhelm journalists with publication of an unmanageable amount of documents:

• the proposal, its explanatory memorandum and annex;
• an impact assessment listing the various options that were nominally “reviewed” before the political choice to have a Regulation was chosen;
• the outcome of the public consultation on illegal content online, divided between the various stakeholder groups and spin by the Commission;
• and, of course, a press release about getting tough on internet companies and, yet again, about the Commission getting tough on terror.

Journalists will have no option but running a story that sets out only the Commission’s approach to the regulation. That’s the second press cycle. A third press cycle could be one where journalists would have the time to do a critical analysis of what is proposed. The problem is that European proposals do not get three press cycles.

After being told by French and German Interior Ministers to prepare an EU Regulation on preventing dissemination of “terrorist content”, the European Commission got to work over the summer this year. This is a political problem for the Commission because Commissioners took an oath not to receive such instruction. Worse still, the Commission has consistently failed to provide a comprehensive approach to tackling illegal content online based on evidence, not on political spin.

For example, we can highlight:

• Its reckless failure to collect and publish data about online child abuse, which was severely criticised by the European Parliament, which castigated the Commission for the lateness and inadequacy of its implementation report on the child exploitation Directive.
• Its admission that it had no idea if or how often reports about possible serious crime, including terrorism, referred by Europol to internet providers lead to investigations or prosecutions.
• Its “hate speech” code of conduct explicitly downgrades the law to a lower status than internet giants’ terms of service;

Worse still, the Regulation is the third instrument (not including the Terrorism Directive, which was due to be implemented by Member States by 8 September) launched in a vacuum of research in the past 12 months. Such evidence-free policy-making stands in glaring contradiction with the Commission’s “Better Regulation Agenda”.

So, how can the Commission get good publicity out of the new Regulation, while avoiding scrutiny of the apparent failure of the other conveyor belt of instruments it launched in recent years? Simple but rigorous press management is all that is needed, apparently.

Shortly before the UK leaves the European Union, she explains why she wants this legislation to be imposed on the countries that are staying. The e-mail provides interesting insights into why these bad policies are being supported, the main insight being that support is based on myths and fallacies.

“The protection of individual user data and the freedom to access and share news and articles online are of paramount concern to Labour MEPs and they are committed to ensure that these freedoms are maintained and strengthened. Therefore, citizens’ concerns surrounding these issues will be at the forefront of Labour MEPs minds as the legislative proposals pass through the European Parliament.”

The proposals have been discussed for two years and the MEP voted to end discussions in the European Parliament. She voted instead to start secretive closed-door meetings (“trilogues”) with the EU Member States. Once such confidential discussions end, the Parliament is always under severe pressure to accept the entire “compromise” deal. Even if (having voted for a negotiating mandate for a text that unquestionably would restrict the right to share news online), these issues were at the forefront of MEPs’ minds, there would be, in practice, nothing they could do to mitigate the damage done by the negotiating mandate.

“In reforming EU copyright rules, the European Commission has aimed to make outdated rules suitable for the digital era, as they currently do not offer enough protection against piracy and the use of content without proper remuneration. At the same time, this will be balanced by offering citizens greater legal certainty when accessing content online.”

Even if the European Commission “aimed” to update outdated rules, this does not mean that they succeeded, nor should the policies be unquestioningly supported. The job of the Parliament is not to blindly support the European Commission. The reference to “accessing” content is very telling – Article 13 is about using the internet to share, create and communicate – not “access” content, like one accesses TV stations. This is precisely why the Directive is not an “update”, but an attempt to wind back the clock to a viewer/producer model to a time before the open internet.

“The “Press Publishers Right,” found in Article 11 of the current proposal would be an important step to protect our free and professional press, if adopted by the European Parliament, as it will ensure that they would receive proper remuneration for the online exploitation of their content.”

When this “right” was introduced in Spain, the biggest news aggregator (Google News) shut down, to the detriment of smaller news publishers.

When this “right” was introduced in Germany, the biggest news aggregator (Google News) was allowed not to pay, to the detriment of smaller news aggregators.

It is simply and demonstrably false to argue that this “would be an important” step in protecting the free and professional press, when experience shows that this is not true.

“The proposals would give press publishers the same rights as individual journalists and photographers to license their content. Whilst examining this proposal, Labour MEPs have paid particular attention to ensure that no liability is attributed to individual users, but rather the service providers, such as social media platforms, who use content without a licence. Article 11 does not create a “link tax,” and using or sharing hyperlinks is explicitly excluded from the scope of the report.“

No liability is attributed to individual users, because it is far easier to pursue a small number of social media companies than millions of individuals. By creating a new right for snippets of text, any quotation that is longer than short (whatever that means – the same quotation could be legal in one language and illegal in another), it becomes difficult to link because the link cannot be accompanied by a quotation indicating what can be found at that address. Worse still, any quotation that is longer than short would also fall under the filtering obligations in Article 13 of the Directive. So, any attempt to share quotations from news sources (unless from a state-sponsored propaganda outlet, for example) would be difficult, if not impossible. So much for supporting the “free and professional press”. RT if you agree…

“Labour MEPs are also particularly conscious that whilst this right improves the position of press publishers, individual authors such as journalists should also benefit from the proposals and have therefore backed modifications to ensure that this is the case.”

The implicit assertion that all journalists support this proposal is simply not correct.

“Regarding the proposed Article 13, the aim is to provide legal clarity as to where the liability lies for copyrighted content uploaded on video platforms.”

The aim is irrelevant, the actual text is all that is relevant. In any event, the assertion is factually untrue. Article 13 does not mention video platforms. The proposal covers all types of content (audio, text, image, etc) on all platforms covered by the unclear definition.

“Under the Commission proposal, platforms such as YouTube and Daily Motion would be responsible for taking reasonable steps to ensure that any copyrighted content is either properly licensed or taken down.“

The is the existing legal framework. The proposal is that upload filters (“content recognition technologies”) should be used to “prevent” content from being uploaded.

“This may necessitate the use of content recognition technologies, which are already used to ensure that inappropriate content such as hate speech or terrorist propaganda does not appear on video platforms and does not require any analysis of user data nor reveals the identity of the user.”

It is not possible to comply with the obligations in Article 13 without using upload filters. Therefore “it may necessitate” is misleading. It will necessitate upload filters – unquestionably

The reference to “already used” is misleading as upload filters are already used by the biggest providers, not by all providers. Just because Google does something – and lobbies for something – does not mean it is a good idea. It is interesting to note that the reference is to “inappropriate” (as defined by the platforms) and not “illegal” content, as defined by law.

“The content recognition technologies assess the content of the video alone, to ascertain whether or not it is, for instance, a popular music video which has not been licensed. In order to reassure individual users, the proposal envisages a complaints mechanism to ensure that users know why their content has constituted an infringement of copyright, and Labour MEPs support modifications to the proposal that would clarify that individual users will not be held liable for copyright infringement.”

Content recognition technologies would also be used to block quotations, parodies, memes, etc., not just if it was a complete music video. The proposal is that “identified” content be blocked, not only infringements.

Internet companies will only be obliged to implement a complaints mechanism if they remove content explicitly because of copyright law. If they say it is a “terms of service” violation, they could easy avoid the expense of implementing complaints. This is exactly what happens in relation to “hate speech” deleted under the European Commission’s hate speech code of conduct, for example.

Read more:

The EU gets another opportunity to improve copyright rules (25.07.2018)
https://edri.org/the-eu-gets-another-opportunity-to-improve-copyright-rules/

EP Plenary on the Copyright Directive – Who voted what? (23.07.2018)
https://edri.org/who-voted-what-in-the-ep-plenary-on-the-copyright-directive/

Press Release: EU Parliamentarians support an open, democratic debate on Copyright Directive (05.07.2018)
https://edri.org/press-release-eu-parliamentarians-support-open-democratic-debate-around-copyright-directive/

Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/

As EDRi and 57 other NGOs have been saying since the proposal was launched, and it has been said by academia, the UN Rapporteur on Freedom of Expression and Internet luminaries, and many others Article 13 of the Directive is a fundamentally flawed proposal.

The vote in July prevented the European Parliament’s Legal Affairs Committee from entering directly into secret negotiations (called trilogues) with the EU Council and there has been a little more time to keep debating different aspects of the Directive and to propose new alternative texts (amendments). These new amendments were discussed over the last two weeks, in closed-door meetings in the Parliament.

These amendments go from making the text even more unclear and damaging (the ones proposed by the Rapporteur Axel Voss MEP and Cavada MEP) to deletion and almost everything in between.

The best option for dealing with a bad proposal is to delete it, so this is what MEPs should be asked to vote for. However, the EU works on the basis of compromise, and some MEPs may not wish to vote for outright rejection. In that case, we would encourage those MEPs who won’t ask for deletion that to support the amendment from the Internal Market and Consumer Protection Committee (IMCO), which is a compromise that has received significant cross-party support.

If you have not contacted your MEP yet, you still have time! Go to www.saveyourinternet.eu and call, tweet or email your MEP and let them know your opposition to upload filters.

Read more:

Copyright: Compulsory filtering instead of obligatory filtering – a compromise? (04.08.2018)
https://edri.org/copyright-compulsory-filtering-instead-of-obligatory-filtering-a-compromise/

EP Plenary on the Copyright Directive – Who voted what? (23.07.2018)
https://edri.org/who-voted-what-in-the-ep-plenary-on-the-copyright-directive/

Press Release: EU Parliamentarians support an open, democratic debate on Copyright Directive (05.07.2018)
https://edri.org/press-release-eu-parliamentarians-support-open-democratic-debate-around-copyright-directive/

Action plan against the first obligatory EU internet filter (28.06.2018)
https://edri.org/strategy-against-the-first-obligatory-eu-internet-filter/

Moving Parliament’s copyright discussions into the public domain (27.06.2018)
https://edri.org/moving-parliaments-copyright-discussions-into-the-public-domain-2-0/

Last Friday, Rapporteur Axel Voss MEP sent his colleagues a proposal for a “compromise” that he characterised as “balanced”. Mr Voss claims the new text does not contain obligatory filtering and therefore is a real compromise.

It is true that the text no longer contains the wording of “prevent the availability” or “content recognition technologies”. Instead, the ”compromise” states simply that any platform that helps users to share content (“content sharing service providers”) will have full liability for every piece of content hosted at their servers.

If adopted, platforms that host content would have no option other than to implement upload filters, as they would be liable for every single upload from every single user – a risk that no commercial company could afford. Platforms have no choice other than to filter in an unaccountable regime that offers users no real redress mechanisms. This is not a compromise, but a more insidious effort to achieve the same result – mass filtering.

Read more:

EP Plenary on the Copyright Directive – Who voted what? (23.07.2018)
https://edri.org/who-voted-what-in-the-ep-plenary-on-the-copyright-directive/

Press Release: EU Parliamentarians support an open, democratic debate on Copyright Directive (05.07.2018)
https://edri.org/press-release-eu-parliamentarians-support-open-democratic-debate-around-copyright-directive/

Action plan against the first obligatory EU internet filter (28.06.2018)
https://edri.org/strategy-against-the-first-obligatory-eu-internet-filter/

Moving Parliament’s copyright discussions into the public domain (27.06.2018)
https://edri.org/moving-parliaments-copyright-discussions-into-the-public-domain-2-0/

Your reputation is 0 or 1

In an interview with the Washington Post, the product manager who is in charge of fighting misinformation at Facebook, said that one of the factors the company uses to determine if you’re spreading “fake news”, is a so-called “trustworthiness score”. (Users are assigned a score of 0 or 1.) In addition to this score, Facebook apparently also uses many other indicators to judge its users. For example, it takes into account if you abuse the option to flag messages.

Lots of questions

The likelihood of you spreading misinformation (whatever that means) appears to be decided by an algorithm. But how does Facebook determine a user’s score? For which purposes will this score be used and what if the score is incorrect?

Facebook has objected to the description of this system as reputation rating. To the BBC a spokesperson responded: “The idea that we have a centralised ‘reputation’ score for people that use Facebook is just plain wrong and the headline in the Washington Post is misleading.”

It’s unclear exactly how the headline is misleading, because if you’d turn it into a question “Is Facebook rating the trustworthiness of its users?” the answer would be yes. In any event, the above questions remain unanswered. That is unacceptable, because Facebook is not just any old actor. Together with a handful of other tech giants, the company plays an important role in how we communicate and which information we send and receive. The decisions Facebook makes about you have impact. Therefore, assigning you a trustworthiness score comes with great responsibility.

Facebook has to share your score with you

At the very least, such a system should be fair and transparent. If mistakes are made, there should be an easy way for users to have those mistakes rectified. According to Facebook, however, this basic level of courtesy is not possible, because it could lead to people gaming the system.

However, with the new European privacy rules (GDPR) in force, Facebook cannot use this reason as an excuse for dodging these important questions and keeping its trustworthiness assessment opaque. As a Facebook user living in the EU, you have the right to access the personal data Facebook has about you. If these data are incorrect you have the right to rectify them.

Assuming that your trustworthiness score is the result of an algorithm crunching the data Facebook collects about you, and taking into account that this score can have a significant impact, you also have the right to receive meaningful information about the underlying logic of your score and you should be able to contest your score.

Send an access request

Do you live in the European Union and do you want to exercise your right to obtain your trustworthiness score? Send an access request to Facebook! You can send your request by post, email or by using Facebook’s online form. To help you with exercising your access right, Bits of Freedom created a request letter for you. You can find it here.

Read more:

Example of request letter to send by regular mail (.odt file download link)
https://www.bof.nl/wp-content/uploads/2018/08/facebook-access-request-trustworthiness-assessment-physical-mail.odt

Example text to use for email / online form (.odt file download link)
https://www.bof.nl/wp-content/uploads/2018/08/facebook-access-request-trustworthiness-assessment-form-or-email.odt

Don’t make your community Facebook-dependent! (21.02.2018)
https://edri.org/dont-make-your-community-facebook-dependent/

Press Release: “Fake news” strategy needs to be based on real evidence, not assumption (26.04.2018)
https://edri.org/press-release-fake-news-strategy-needs-based-real-evidence-not-assumption/

(Contribution by David Korteweg, EDRi member Bits of Freedom, the Netherlands)

DNS-over-HTTPS (DoH) will introduce much-needed security and privacy features to web-browsing by looking up DNS requests made in the browser using a trusted DNS provider of that browser. The DNS is the internet architecture that ties a website address to the server where the content of that website is stored. This new feature will make transparent which DNS look-up service is being used.

By default all new DNS look-ups are handled by a chain of requests until an IP address for the website is found: first to one’s internet service provider (ISP), next to the closest DNS root server, then potentially to a cloud hosting provider and other intermediary servers until the
address is located and sent back to the user. The DNS information is stored back along the chain, from the ISP to one’s home router and finally in the web browser itself.

Private persons and consumers need a high level of technical skill to even find out who is providing their DNS, and it gets even more esoteric if they want to know privacy terms. Having a trusted DNS provider and knowing how to configure default DNS queries is even further beyond the reach of most users.

Every DNS request sends data about the website a user is visiting and in particular or in aggregate, this data can be used to infer behaviours of individual users or groups of users. Often internet usage statistics are made from DNS request data. It is a small and technically specific form of personal data collection that has not received much attention by EU regulatory authorities to date.

DoH will solve some of these issues, but at a considerable price that must be recognised. In practice, these privacy-enhancing changes will reduce the number of DNS look-up services that users are in contact with, yet since the trusted DNS services will be chosen by the browser, the new reduced number of DNS look-up services will be predominantly US-based.

As in so many internet issues, this is a trade-off between the parties who retain control over individual persons or consumers in a commercial and technical sense. In the case of Mozilla’s Firefox, the trusted DNS provider will be Cloudflare. If Chrome adopts DoH, the DNS provider is likely to be itself, i.e. Google.

If EU providers had to establish whether they would want to make a better privacy-by-design effort than Cloudflare and Google have already done then, according to Article 25 of the GDPR, they would have tobe the preferred choice for browsers in the EU. Data Protection Agencies would have to assess whether the browser makers have really opted for the most privacy enhancing DNS providers. However, as of today, there is nothing to suggest any EU DNS company would be able to credibly claim that they top Cloudflare on DNS privacy. Like it or not, the current plethora of DNS providers is not conducive to data privacy at all.

DNS discussions are currently ongoing at the Internet Engineering Task Force (IETF), the global standardisation community for low-layer internet protocols. EDRi member ARTICLE 19 is following the discussions on best practices for state-of-the-art privacy-by-design and data management.

DoH is, at least partially, a concrete and positive effect of EU leadership on data protection issues.Hopefully, it will serve to enhance protections of personal privacy while making internet back-end services less obscure. IETF standard setting will provide a benchmark for robust privacy protections in DNS. But these developments are also an example of how EU internet infrastructure organisations and their governors have some way to go before they can be at the top of the privacy game. The success of European global privacy leadership will be measurable by how it reacts to these necessary privacy enhancements.

Read more:

Improving DNS Privacy in Firefox
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox

“Avskrivningsbeslut Säkerhetsbrister i kundplacerad utrustning” (Only in Swedish)
https://pts.se/globalassets/startpage/dokument/legala-dokument/beslut/2015/internet/teliasonera_avskrivning-i-arende-14-11117_20151215.pdf

IETF DNS PRIVate Exchange (dprive) Working Group
https://datatracker.ietf.org/wg/dprive/about/

(Contribution by Amelia Andersdotter and Mallory Knodel, EDRi member Article 19, United Kingdom)

The net neutrality rules are the rules that ensure that users, and not the provider, are free to decide what services to use online. These are the rules designed to make sure that “access to the internet” continues to mean “access to the entire internet”. The evaluation is vitally important, because many providers throughout Europe are starting to offer subscriptions where the traffic of certain services receives preferential treatment.

The study on which the evaluation will rely on has been awarded to the law firm Bird & Bird, in consortium with the research and consultancy company Ecorys. In EU Member States like the Netherlands, Bird & Bird represents most major telecom operators on matters related to the telecommunications regulatory framework, including net neutrality. For example, Bird & Bird represents T-Mobile in the pending court case EDRi member Bits of Freedom has initiated against the decision of the Dutch Regulatory Authority ACM not to take action against T-Mobile’s zero-rating offer. This court case revolves around the practice of zero-rating and the interpretation of the net neutrality rules that are also the subject of the study.

Although there is no reason to doubt the legal expertise and experience of Bird & Bird, one could and should have concerns with awarding this particular study to this law firm. Given the fact that this firm represents telecom operators in conflicts surrounding this legislation, there are reasonable questions to be raised about its independence and impartiality in conducting the study. It raises questions about the validity of the results and could be damaging to the credibility of, and the confidence in, the evaluation of the net neutrality provisions by the European Commission and the resulting measures taken by the European Commission.

A number of European organisations defending users and consumers have asked the European Commission to provide a written confirmation of the impartiality of this study. The confirmation should include a list of all measures taken by the European Commission and/or Bird & Bird to ensure the independence and impartiality of the evaluators conducting the study and the quality of the report. Particularly in light of these problems, it is vital that the Commission presents a balanced report based on the findings of Bird & Bird.

This article was originally published by EDRi member Bits of Freedom. It is available here. A version in Dutch is available here.

Read more:

Net Neutrality
https://www.bof.nl/dossiers/net-neutrality/

Bits of Freedom’s court case about zero rating (06.08.2018)
www.bof.nl/2018/08/06/bits-of-freedoms-court-case-about-zero-rating/

15 organisations ask the European Parliament not to weaken net neutrality enforcement (27.04.2018)
edri.org/15-organisations-parliament-not-weaken-netneutrality-enforcement/

Dutch ban on zero-rating struck down – major blow to net neutrality (17.05.2017)
edri.org/dutch-ban-on-zero-rating-struck-down-major-blow-to-net-neutrality/

(Contribution by Rejo Zenger, EDRi member Bits of Freedom, the Netherlands)

Three suspensions, three apologies

In January 2018, pro-choice organisation Women on Waves receives a message stating it has violated YouTube’s “community guidelines” and therefore its account has been taken down. The account of Women on Web, Women on Waves’ sister organisation, is suspended too. No specifics are offered, but they are no longer able to access their account or the content on it. They appeal through YouTube’s appeal mechanism, but nothing happens. They subsequently issue a press release which proves more effective: their accounts are reinstated.

Fast forward to April. Since the reinstatement of its account in January, Women on Waves hasn’t uploaded any new material. Yet their account is suspended again and for the same reason. Just like that, Women on Waves’ videos, available in a dozen different languages, are no longer accessible to people searching for reliable medical information on safe abortion. In Europe this couldn’t have come at a more inconvenient time, namely thirty days before Ireland’s abortion referendum.

Women on Waves’ suspension doesn’t go unnoticed. Where in January it was a press release that leads to the reinstatement of their accounts, in April it seems to be a number of tweets directed at YouTube and YouTube CEO Susan Wojcicki that cause YouTube to act. The result is the same: YouTube re-reviews the account and concludes Women on Waves isn’t in violation of its community guidelines. The account is put back online and along with it Women on Web’s account.

Sadly, a month later the same thing happens again: on June 15, one of Women on Web’s videos is taken down and soon the entire account follows. On June 16, Women on Web appeals the take-down – this is denied on June 18. Two days later, after we reach out to YouTube Netherlands, Women on Web receives a message informing them their account is being reinstated after all.

#sorrynotsorry

All sounds a bit tedious? We agree. Together with Women on Waves and Women on Web, we got in touch with YouTube Netherlands last May. We asked if they would share why and how the accounts were flagged, and how the decision was made to put them back online. We were told this is internal information that can’t be made public. Further probing was met with more deflection: YouTube takes down so much content each day, mistakes are bound to be made. Soit.

Users can’t rely on YouTube

Of course, YouTube isn’t the open internet. As a company, it decides what content is allowed and what isn’t. We’ve seen numerous examples of this, from its efforts to push certain types of content or accounts, to the “concealing” of LGBTQ+-related videos. And from the forced monetization of some accounts, to the demonetizing of other, “unfavourable”, ones. But as we’ve seen, the company doesn’t even always know itself what it finds unfavourable, so how are users supposed to anticipate its rulings? YouTube’s mission is “to give everyone a voice”; it doesn’t hesitate to rob you of it, either.

This whimsical decision making might be considered cute, if YouTube didn’t hold so much power. Because as it stands, YouTube is the one website people visit to search for video content. This position of power is reinforced by the fact that in many countries YouTube and telecom providers have struck deals to offer you traffic to youtube.com “free of charge”. And don’t forget: in many countries visiting youtube.com is a lot safer than visiting womenonwaves.org. In other words, if you want your video content to be accessible, you need YouTube.

YouTube turns users into passive participants

Women on Waves’ accounts have been suspended and subsequently reinstated three times this year. Not because of YouTube’s complaint procedure, but because Women on Waves has a network of journalists and high profile followers that could draw attention to the ban and force YouTube to act. This might have worked now, and it might have worked for Women on Waves, but it can’t, and shouldn’t, be relied on to work in every case and for everyone. As long as YouTube doesn’t give more meaningful insight into their content moderation process, their users will remain on the sidelines.

If you don’t already have friends in high places (or at newspapers), start making them now – you’ll be needing them.

(Contribution by Evelyn Austin, EDRi member Bits of Freedom, the Netherlands)

This article was originally published on Bits of Freedom website. You can find the original article here.

The launch date is significant:

– it is 96 hours after the European Commission’s most recent terrorism Directive is due to come into force (including measures on addressing terrorist content online).

– it is not quite a full year since the European Commission launched a press release on its Communication on Tackling Illegal Content Online, about getting internet companies to “tackle” illegal content

– it is slightly over six months since the European Commission launched a press release about its Recommendation on “effectively” tackling illegal content online

– it is somewhat more than two years since the Commission launched its press release on tackling (“illegal”) “hate speech” that in the meantime has produced no statistics about how much of the content being deleted is actually illegal or the actual impact of the measures.

Issues which will not be included in the European Commission’s upcoming press release on its new getting tough on internet companies Regulation include:

– the fact that it has no idea if or how many instances of serious crime and terrorism reported by Europol to internet companies ever get investigated or prosecuted (Europol also does not know if the reported content is actually illegal)

– the fact that neither the European Commission nor Europol know how much potential evidence is deleted by internet companies as a result of reports issued by Europol to internet companies

– the fact that the European Commission has failed miserably to collect meaningful data on the availability and removal of illegal child abuse material. This was severely criticised by the European Parliament, in a European Parliament Resolution passed by a vote of 597 votes in favour and six against.

The Regulation comes three months after the French (Collomb) and German (Seehofer) interior ministers sent a letter to the European Commission demanding that internet companies be made liable (as they already can be under the 2000 E-Commerce Directive) for failing to act quickly when they are made aware of illegal activity. In a separate development a few days after sending that letter, Interior Minister Collomb, failed to take action upon receiving a video containing apparent evidence of a serious assault. He reportedly told a parliamentary committee of enquiry that it wasn’t his job (Interior Minister) to do this. It is the job of internet companies to fight illegal activity, not the job of a national minister with responsibility for security, it appears.

It is, of course, a complete coincidence that the European Commission did exactly what the French and German ministers told them to do. Anything else would be a blatant breach of the oath of office of the College of Commissioners. Each Commissioner has solemnly undertaken “neither to seek nor to take instructions from any Government or from any other institution, body, office or entity”.

Read more:

Guide to the Code of Conduct on Hate Speech (03.06.2016)
https://edri.org/guide-code-conduct-hate-speech/

The time has come to complain about the Terrorism Directive (15.02.2017)
https://edri.org/the-time-has-come-to-complain-terrorism-directive/

Europol: Delete criminals’ data, but keep watch on the innocent (27.03.2018)
https://edri.org/europol-delete-criminals-data-but-keep-watch-on-the-innocent/

Who are you and what is your organisation’s goal and mission?

Hermes Center for Transparency and Digital Human Rights is an Italian civil rights organisation focusing on the promotion and development of the awareness and attention to transparency, accountability, freedom of speech online and, more in general, the protection of rights and personal freedom in a connected world.

How did it all begin, and how did your organisation develop its work?

The origins of Hermes can be traced back to the start of the GlobaLeaks project and its fundamental need for an organisation that advocates for privacy and digital human rights in Italy in an organised manner.

The Center has been formally registered in 2012 by bringing together the most active members of Italian privacy communities for years, all being part of the “Project Winston Smith” (PWS), the former “Anonymous Organisation”.

From its creation, Hermes immediately reunited a unique mix of activists, lawyers and hackers operating in the national and international context, with core activities ranging from software development of whistleblowing and anonymity tools up to very relevant digital rights advocacy activities like support of journalists, organisation of awareness-raising events, drafting of op-eds on these issues for national media, along with policy, advocacy and support for policy making.

Its main goals have been fully supported over the years by volunteers and by private donations for their works (conference presentations, free workshops, conferences and panel organisations).
Funding has mostly been provided by the Open Technology Fund in Washington and the Hivos foundation in Den Haag in form of research grants for its software development projects, GlobaLeaks and Tor2web.

The biggest opportunity created by advancements in information and communication technology is…

… the free flow of information, the possibility to connect instantaneously with people from all over the world to discuss and organise on common topics. Furthermore, these technologies can foster more transparency and accountability of the government and help citizens to defend their rights.

The biggest threat created by advancements in information and communication technology is…

… the pervasive state of surveillance that presents two different and somehow overlapping faces: surveillance capitalism by companies and police surveillance.

Which are the biggest victories/successes/achievements of your organisation?

We advocated for the adoption by the Italian Anti-Corruption Authority (ANAC) of an online whistleblowing platform using onion services, giving whistleblowers a secure way to report illegal activity and at the same time protect their identities.

With the same goals and similar activities, through a network of EU partners and mostly in collaboration with Xnet, the Center supported Barcelona City Hall, the Anti-Fraud Authority of the Catalonia, the Anti-Fraud Authority of Valencia and the Madrid City Hall in the adoption of free and open source technologies among which, first of all, the mentioned GlobaLeaks whistleblowing framework created by the Center which is now used worldwide by more than 300 organisations.

Additionally, together with other Italian organisations, we managed to push the Italian Ministry of the economic development (MISE) to revoke the export license of Area SpA, a well-known surveillance company.

If your organisation could now change one thing in your country, what would that be?

We would like to change the approach by politicians to the discussion around digital rights, and achieve greater civil society involvement.

What is the biggest challenge your organisation is currently facing in your country?

Last year, the Italian government introduced a new data retention law, extending the collection and retention of phone and telecommunication metadata to a period of 72 months. This measure is clearly against the CJEU case law on data retention. At the same time, we are concerned with government surveillance, which lacks a clear legal framework, and we are firmly opposing the adoption of electronic voting systems being discussed by the government.

How can one get in touch with you if they want to help as a volunteer, or donate to support your work?

You can reach us on Twitter, Facebook and visiting our website. There you can find our official contacts and those of our members. There is also the possibility of making a donation or volunteering.

Read more:

Edri member in the spotlight series
https://edri.org/member-in-the-spotlight/