European Policy, Free Expression, Government Surveillance, Open Internet
EU Tech Policy Brief: February 2018
This is the February issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.
CDT Responds to ‘Fake News’ Public Consultation
CDT filed its response to the European Commission’s public consultation on tackling ‘fake news’, which was announced by Commissioner Mariya Gabriel in November of last year, along with the creation of an expert group. In our comments, we first point out that there is no consensus on a definition of the concept, something the consultation document acknowledges. Second, there is a need to gather credible evidence about the existence of material fitting the description, and any impact it may have. Third, the consultation does not acknowledge that the ‘fake news’ issue is now top of the political agenda due to the Russian regime’s deliberate, sustained, and increasingly well-documented strategy to interfere with the 2016 U.S. elections.
Our advice for governments and public authorities is to minimise and where possible eliminate existing restrictions on free expression, refrain from imposing monitoring and filtering obligations on intermediaries, and in general provide for a diverse media landscape. News organisations should report the facts as objectively and accurately as possible. Social media companies should provide data that allows researchers to assess the problem and the effectiveness of the measures taken to counter it. We also point out that the Expert Group process will probably be used by publishers’ organisations to lobby for Article 11 (ancillary rights) of the draft DSM Copyright Directive. This would be a diversion from more productive discussions: this idea failed to secure funding for publishers in Germany and Spain, and had unintended consequences for access to information.
CDT Joins Open Letter to EC Calling For Urgent Consideration of Approach to Tackling Illegal Content
In September 2017, the European Commission published a set of guidelines and principles for how online platforms should address illegal online content. The guidelines urge companies to ‘voluntarily’ install automated filtering, endorse ‘trusted flagger’ systems, and encourage faster takedown of flagged material with no judicial oversight. We have been very critical of this approach, but the Commission seems to be pushing ahead at full speed. The leaked Recommendation on the issue, which the Commission intends to publish at the beginning of March, shows that it not only continues to push for privatised law enforcement when dealing with ‘illegal’ content online in general, but specifically adds pressure on online platforms to quickly remove ‘terrorist content’. We raise the significant free expression risks in a joint letter addressed to the Commission requesting that it reflect more on its approach to tackling illegal content online.
Copyright Rapporteur Backs EC’s Proposal on Article 13 in ‘Compromise’ Amendments
EP Rapporteur on the DSM Copyright Directive, MEP Axel Voss, finally proposed compromise amendments on Article 13 (upload filter obligation). Not surprisingly, they mirror the Commission’s proposal with minor modifications. As MEP Julia Reda rightly points out, Mr Voss did not take into account the vast amount of criticism from civil society, industry groups, and academics. Mr Voss maintains that all platforms hosting and providing public access to “significant amounts” of user-uploaded content are obligated to prevent content which rightsholders have identified as copyrighted from being uploaded in the first place. While this provision no longer mentions ‘content recognition technologies’ explicitly, in practice the obligation cannot be met without upload filtering technology. We have warned on numerous occasions against the potential impact on internet users’ fundamental rights.
CDT Joins CEPS Task Force on Software Vulnerability Disclosure in Europe
In September 2017, the Centre for European Policy Studies (CEPS) launched a Task Force on “Software Vulnerability Disclosure in Europe”. This issue has been widely debated in recent years, with recent ransomware incidents and the rapid development of the Internet of Things putting this issue higher on the agenda. The CEPS Task Force looked at the key elements of this debate and attempted to create guidelines for the process of Coordinated Vulnerability Disclosure (CVD) in Europe. Moreover, it attempted to outline principles for Member States to develop a European vulnerability equity process. These recommendations may be used in European Parliament discussions on the draft Cybersecurity Package. Having done previous work in this area, we joined the Task Force earlier this year.
United States v. Microsoft: Would Compelled Disclosures From Abroad Violate the EU’s GDPR?
On 27 February, the U.S. Supreme Court heard oral argument in the United States v. Microsoft case, where the U.S. Department of Justice claims that warrants issued by a U.S. judge or magistrate can compel a U.S. communications service provider to disclose communications content the provider stores abroad. Last month, we joined with a range of trade associations and public interest groups in submitting an amicus brief to the U.S. Supreme Court, in support of Microsoft. Drawing from the arguments made by leading MEPs, EU privacy scholars and global NGOs in the other filed briefs, one of the questions raised is whether compelled disclosures from abroad violate the EU’s GDPR. In an article published on SCOTUSBlog, a non-governmental blog focusing on the U.S. Supreme Court, we concluded that such disclosure would likely be a violation. This is in line with the brief we jointly submitted.
CLOUD Act: U.S. Bill Poses Risk to Privacy of Internet Users
Early this month, a bill was introduced in the U.S. that, if adopted, would significantly amend the Electronic Communications Privacy Act (ECPA). The bill, known as the CLOUD Act, would authorize federal and state judges to issue warrants compelling U.S. providers to disclose user content that is stored outside the U.S., regardless of the user’s location. The bill would also allow the U.S. Department of Justice to authorize foreign governments to serve direct surveillance demands on U.S. providers. While CDT supports ECPA reform, we are of the view that a warrant should be required for the disclosure of communications content to governmental entities in the U.S. As it stands, the CLOUD Act doesn’t require a warrant, posing a real risk for trust in the privacy of data stored in the cloud, and thus the privacy of internet users.
Join Us for CDT’s Annual Dinner, “Tech Prom”
Our 2018 Annual Dinner will take place on 29 March in Washington, DC at the Washington Hilton Hotel. If you have any questions about sponsorship opportunities or any other details, please contact [email protected]. Don’t miss out on the tech event of the year!