Domani dalle 18.45, interverrò al Global Risk Forum nel panel “Quali sono i rischi che una azienda deve affrontare per una mancata armonizzazione al quadro regolatorio con particolare attenzione alla protezione dei dati e ai rischi connessi”, organizzato da Business International, gruppo Fiera Milano. Per info qui businessinternational.it/Event…

guidoscorza.it/quali-sono-i-ri…

On the day before the crucial vote on the European Parliament‘s negotiating mandate on artificial intelligence, Pirate Party MEP Patrick Breyer levelled serious accusations against EU governments, the EU Commission and conservative MEPs who want to allow automated facial recognition in public spaces. At the same time, Breyer justified the cross-party motion to add automated behavioural surveillance to the list of prohibited technologies.

His speech in full:

“Governments in France and elsewhere dream that machines could rid the world of all evil if only they could whisper to us who is going where with whom and when, or who is behaving ‘abnormally’.

In reality, not a single terrorist has been found with biometric mass surveillance, not a single attack has been prevented, instead countless arrests of innocent citizens have been made, up to 99% of citizens have been falsely reported as suspects.

Your supposed exceptions are window dressing – thousands are wanted by judge’s order at any time.

You open a Pandora’s box and lead us into a dystopian future of a distrustful high-tech surveillance state based on the Chinese model. You are willing to hand authoritarian governments of the present and the future an unprecedented weapon of oppression.

Under constant surveillance we are no longer free!

Automatic behavioural surveillance destroys freedom, diversity, protest. We don’t want to live in a dead, conformist consumer society of yes-sayers.

Let’s secure a future free of biometric mass surveillance for Europe, and a future of freedom and diversity for our children!”

patrick-breyer.de/en/artificia…

A German diplomatic correspondence that was leaked by netzpolitik.org on Friday and other documents reveal the insistence by EU member state governments in blanket mass surveillance in the form of data retention and ideas to make secure encryption illegal. The fundamental rights jurisdiction of the highest EU Court is seen as a problem, while Governments are wishing for a new narrative that would change the way we look at privacy and surveillance.

The documents talk about the Swedish Presidency’s “Going Dark” program that aims to extend law enforcement capabilities with a focus on over-the-top (OTT) media services, End-to-end encryption (E2EE), the Electronic Evidence Regulation, the ePrivacy Regulation, the Media Freedom Act, the retention of citizen’s communications meta data and access to Whois data. According to the German diplomatic correspondence member state governments share a “a largely homogeneous opinion” about that program.

Data retention: Insisting in illegal mass surveillance

The Swedish Presidency complains that “the impact of limitations to data retention requires to be aware of the loss of data” (PDF). This interpretation is in line with the overall debate in the Council but ignores the actual situation: The ECJ has constantly expanded the exceptions to the general rejection of blanket retention of citizen’s communication data over the years. Nevertheless, governments repeatedly violated the Court’s rulings causing a crisis of the Rule of Law in the EU. As a consequence, too much rather than too little of citizens’ communications data is being stored for no reason. Addressing a “loss of data” in this situation ultimately refers to the Government’s actual desire: a nation- and EU-wide, round-the-clock retention of everybody’s communications meta data, which has consistently been ruled illegal. The Belgian government that has again passed a law that provides for illegal mass surveillance only recently, declares in a Council document: “we need to strike the right balances (…) but also with regard to commercial interests and business models that guide the industry”. Likewise, the Czech Republic proposes a new argument as an attempt to justify the retention of citizen’s communication meta data to “distinguish legitimate calls from fakes using combination of contact number spoofing with AI voice manipulation.” Member state governments appear to have no other idea of how to design police work on the Internet but by means of mass surveillance.

The German correspondence notes: “Currently, an “outcry” from law enforcement agencies is clearly perceptible.” In March this “Outcry” became publicly visible when the European Police Chiefs released a Joint Declaration that likewise blames jurisprudence: “The case law of the CJEU (…) presents a significant hurdle to Law Enforcement Agencies” (PDF). Seen from a fundamental rights perspective the opposite is true.
Case law allows for extensive retention of citizen’s communication data and provides law enforcement agencies a legal frame for their work. Neither the CJEU’s jurisdiction nor citizen’s rights present a hurdle but Governments that repetitively passed illegal laws on data retention that foreseeable failed in courts created that hurdle over a course of 15 years. The representative of the Estonian government for example completely rejects the Court’s jurisdiction: “it is not possible to implement the solutions proposed by the ECJ.” The ignorant will to mass surveillance has prevented reliable solutions as digital rights experts have explained.

Unsubstantiated claims in the loop

The Joint Declaration of the European Police Chiefs keeps following a downward spiral by repeating unsubstantiated claims: “Unclear and insufficient retention periods in the case of storage of data for commercial purposes. This is particularly problematic in countries that do not (in accordance with the rulings of the CJEU) have any legal obligation for service providers to retain non-content data (…).” Fact is, that data retention laws have no measurable effect on the crime rate or the crime clearance rate in any EU country as a study by the European Parliament’s Research Service (EPRS) finds.

Public relations against fundamental rights

Because there is a great deal of resistance from civil society and from constitutional courts when it comes to data retention, the Presidency wants to develop “a better and more complete narrative” (PDF) to achieve its goals.

Responding to that, the Austrian Government suggest to add rules of criminal procedure to Single Market Dossiers and emphasises that it is of importance to not only take legislative action but also to do “Public Relations” work, for example to raise awareness accordingly in the European Parliament. The representative of the Lithuanian government welcomes that PR approach as “it offers the opportunity to change the narrative (…) turn around the wrong impression that law enforcement is the main source of risk to the fundamental rights.” (PDF)

Is the door weaker if someone has the key?

Referring to the Member States debate of the “Going Dark” program, the German diplomatic correspondence reads: “The question arises whether legal adjustments might be necessary in view of the fact that encryption technologies such as Encrochat could be legally distributed up to now. (…) With end-to-end encryption, it is impossible to intercept information, which is why, for example, there are discussions about the Media Freedom Act. (…) There is therefore a need for good instruments that are in line with EU values and do not prevent encryption altogether.” Adding to the ongoing debate, the representative of Estonia is asking: “is the door weaker if someone has the key?”

A Crisis of the Rule of Law

The documents show a considerable distrust of fundamental rights and the Rule of Law on the part of the member state governments. The German diplomatic correspondence refers to the view of the Swedish government: “It was astonishing how much the ECJ prioritized privacy over other legal rights and principles. The IRL und LVA also commented accordingly on the ECJ decision.” The representative of Estonia is of the opinion that the CJEU is “forced to always refer to the Charter of Fundamental Rights (…) until the EU comes up with a solution that would allow them to reassess the principles and approach to this”.

“Going Dark” is a myth

The notion of “Going Dark” refers to the phenomena that “criminals can commit crimes in ways that law enforcement cannot detect and intercept.” This is a myth created by US intelligence agencies. In truth authorities have never had access to information on our private lives as comprehensive and all-encompassing as in today’s digital era.

Instead of concentrating on repeatedly successful means of targeted investigations that focus on suspects and perpetrators, the EU member state governments try to interfere with the foundation of the Internet and the Rule of Law in a way that affects everybody’s privacy and fundamental rights. Alternatives, amongst others, a democratic improvement of policing through better trained and equipped personnel and better child protection through more competent and better equipped authorities are not considered. This gap is all the more problematic as there is no evidence that there is a legal lack of law enforcement capabilities in the European Union. Laws were much more tightened and expanded and with the new Electronic evidence regulation yet another tool for law enforcement will help to improve investigations which are in general already highly successful, if governments provide sufficient personal and technical resources.

patrick-breyer.de/en/leak-data…