EU Data Retention Directive Declared Invalid

The Court of Justice of the European Union today declared the Data Retention Directive invalid in a joint case brought by Digital Rights Ireland and an Austrian group. This is a great win by privacy advocates against a law that was over reaching, uncontained and unsafe. The courts own press release is a short three page read but some of the key elements include (all emphasis theirs):

  • the data “may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented”;
  • the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data
  • “the directive covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime”
  • “the directive fails to lay down any objective criterion which would ensure that the competent national authorities have access to the data and can use them only for the purposes of prevention, detection or criminal prosecutions concerning offences that … may be considered to be sufficiently serious to justify such an interference” and “the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them”
  • “the directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data.”
  • and, shockingly (if none of the above was shocking enought), “the directive does not require that the data be retained within the EU“.

This is indeed a good day for digital rights, privacy rights and common sense. We all owe a debt of gratitude to the volunteers at Digital Rights Ireland.

Tracking and Stalking on the WWW

I followed a link to a TED talk by Gary Kovacs, CEO of the Mozilla Corporation, earlier today in which he talks about the use of cookies and embedded objects to track us through the Internet. I always knew this happened and didn’t particular mind until recently:

I reviewed Zend Studio on Zend’s product page. But for weeks after, as I visited completely unrelated sites (non-PHP, non-programming), the embedded ads were often for Zend Studio. The obviousness of the tracking here brought it much more front and centre in my mind. Then Mozilla released Collusion which I installed and was quite shocked are the amount and degree of the tracking.

Watch the following short talk by Gary for more information. Then check out some plugins like AdBlock+, Collusion itself and ShareMeNot.

The Tor Project – Anonymity Online

For anyone with even a passing interest in the Tor Project and network, a recent presentation by Jacob Appelbaum at the TNC2012 is essential viewing. It can be viewed here (skip to about 48 minutes in).

I have of course been aware of the Tor Project for years but my opinion has always been blinkered by the notion that it’s fertile ground and enabler for spammers, illegal activity and, scariest of all, child paedophilia.

This presentation changed my mind – especially in the context (and graphs shown) in relation to recent spring risings in Egypt, Syria and other places. One exchange that stood out for me was when a gentleman (from “the fascist organisation known as” Cisco – seriously, know when to STFU) accused Jacob of being the equivalent to an arms dealer because his software is used in the Egyptian revolution but it is also supporting “abuse and bad things”. Some of Jabob’s response included (e. & o.e.):

We’re not arms dealers. I’m sorry to say it, because giving away information to all people freely and not charging for it – literally not charging for it – that’s significantly different to selling specific pieces of hardware to hunt down Falun Gong and kill them in a genocide.

There’s a huge difference there and if you don’t see the difference I would encourage you to consider what it would be like if you were that Falun Gong person.

There is a difference between that and building an anominity system where all people have access for free, to be able to read freely and to be able to speak freely.

And it is true that there is an unprecedented scale and, just like Gutenberg, it is unprecedented in an equal way that is, I think, a liberation technology if you will. I’m happy that people in Egypt used it because it’s a non-violent direct action that allows people to protect themselves.

Like if you invented penicillin for example. It is true that terrorists can heal themselves with penicillin. But I think that we would generally all agree that it is better that humanity knows how to cure disease than not to cure disease.

And it is true that bad people will always be able to do bad stuff, but the question is will good people be able to do good things? And is the intention (of Tor) for good people and regular people to be able to do good things?

I think the important thing here is that the good outweighs the bad. It is a neutral technology in the sense that everyone has anonymity – but it is not neutral in one important way which is that everybody in this room has privacy and anonymity and the ability to resist censorship in a way where previously the power dichotomy was flipped. There’s an asymmetric power relationship and now it’s the other way. And so, for example, if you can’t target someone for exploitation anymore, you’re in a totally different camp. You’re reduced to a different way of behaving and that isn’t equal but it’s not equal in the sense that it empowers every person on the planet to have that which is very very different in a positive sense from some of the things we’ve seen in the past with technology. Because the technology that wires us all together may very well be, for some of us, the very thing that strings us up.

I guess the real question and blocker for me establishing a Tor relay is the position of the Irish Gardaí and legal system and my own potential personal culpability of what may be accessed through that relay. Does anyone have a definitive answer to this?

There are a (small) number of Tor relays in Ireland however:

And quite a few users:

Tor Users in Ireland

To finish, one of the things that surprised me a lot was some of the sponsors of the Tor Project which include: the Broadcasting Board of Governors, the Naval Research Laboratory, Google, Human Rights Watch, Electronic Frontier Foundation, DARPA, the National Science Foundation and a number of educational institutions, ISPs and others.