For example: say that LinkedIn was to experience a new data breach, and they fail to inform the authorities or their customers in time, then they can be fined for up to 120 million USD (based on a revenue of 5 billion USD)!
I'm surprised that it's so little known here, as the impact will be massive.
GDPR is EU wide regulation that trumps national privacy laws. It doesn't even need to be approved by individual members, so when it goes into effect on 25 May 2018, it will be working EU-wide on the same day. Furthermore, it affects companies all over the world that serves EU citizens. There's much skepticism on how EU will enforce this law worldwide, but for now it was quite successful dealing with big companies, remember: Microsoft vs EU (paid €561 million fine), multiple cases of Google vs EU (right to be forgotten, Ireland tax rulling, ongoing case vs Android), Facebook/WhatsApp vs EU (€110 million fine) etc. To answer your question: no, there will be no conflicting laws - if you serve EU citizens, you must follow GDPR. From my personal perspective, GDPR is one of those not-so-often moments that I'm proud of EU.
No gdpr applies if companies target EU citizens . My personal opinion of the law is that its as useless as cookie law but way more costly and unpredictable.
 (122), Pg 22, https://docs.google.com/viewer?url=http%3A%2F%2Fec.europa.eu...
 Pg 13, https://docs.google.com/viewer?url=http%3A%2F%2Fwww.linklate...
The mere accessibility of your website by individuals in the Union or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the Regulation. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and so are subject to the Regulation:
> Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).
> Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).
> Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top level domain).
> Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).
> Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).
> Customer base - You have a large proportion of customers based in the Union.
> Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper).
How is this useless for end-users? It forces companies to encrypt this data at rest, and allow users to delete it when they want.
EU law does not subsume US law.
Companies did this before the internet and even with internet they did it for China regulations.
I mean, even translation to different languages is basically "special implementation" for different countries...
As an analogy, if I recall correctly banks have very stringent laws to follow regarding data export and money export to other countries. The solution they choose is to have a bank per country, not a global bank.
This is exactly what is being done by the large corporations that can afford to do it. European datacenters staffed by Europeans. Americans are not allowed to view any PII for any European (at least with the company I work at).
Russia requires the same thing, although they just want the servers in their country so they can put a SORM-3 alongside it and intercept whatever data they want.
For example, what happens if US courts demand data you have stored on Irish servers, but an EU citizen asks that you destroy this data?
Do you destroy the data and risk being charged with destruction of evidence in the US? Or do you keep it and risk being non-compliant with the GDPR?
There is nothing stopping you from shooting yourself in the foot either. (Or stabbing I guess in case you don't have access to firearms)
Of course there is. You comply with both laws or suffer the consequences. If you can't comply with both, you choose the cheaper law to break. If that's too expensive, your business sucks.
This is an example of why some local services are winning out against global competitors. Respect for and knowledge of their specific niche.
It seems all good for this specific policy because most of us agree with it globally. But data protectionism and/or extreme regional deviations/regulations in law will reduce the globalism everyone shares. Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.
This is something to think about as the EU grows smaller, not larger. Even today, small companies with fewer EU users may stop and think about providing access at the cost of, e.g., building a portal for them to manage cookie settings.
I guess we'll see what happens with Brexit, but I would argue that the EU is growing in global importance and leadership. With the USA's recent NSA scandals, isolationist rhetoric, and backing out of international environmental agreements, I think we're going to see the EU increasingly set the tone for international trade.
I'm sure there will be plenty of tech firms that choose to serve only US customers (in the same way that there are Chinese-only and Russian-only companies today), but competing "globally" will mean following the EU's lead.
That's a different type of restriction than respecting user privacy because you can't apply the same approach everywhere. A company could easily extend the same rights to all their users. If your offering needs to violate user privacy to exist, maybe it shouldn't.
>Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.
This appears disingenuous.
1. Competition: In your example above respecting user rights nets <0 ROI. There can be no competition here that respects user rights, so how would this help the situation? Conversely, restrictions will encourage competition by protecting less profitable and wealthy ventures from predatory global competition solely focused on maximizing profit.
2. Educating: You're seeking to shift responsibility from experts to laypeople, then blame the laypeople for their lack of education. It's like suggesting we should eliminate building codes then educate people on proper construction. Basically you are advocating for schools and high-rises that collapse.
What the EU is trying to do is make it so countries outside the EU only have to think of the EU as a single country. This is why theres a single market and single currency.
I think this is a good set of data protections and hope there are ways to make compliance incredibly low friction.
In other words, it's not a replacement: it is an additional set of rules to keep (although most of it would be a superset of various national laws).
I quote from the title of 2017/0003/COD
COM (2017) 10:
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL concerning the respect for private
life and the protection of personal data in electronic
communications and repealing Directive 2002/58/EC
(Regulation on Privacy and Electronic Communications)
My point still stands - you still need to conform to both GDPR and the state-specific legislation.
But assuming that I am right, then a replacement directive would simply cause the states to update their laws and nothing would really change in terms of complexity compared to the situation before.
So yea, a 20M EUR fine could destroy a startup.
(To be pedantic, we build technology to serve business goals, which are fulfilled within the larger context of serving human goals. Laws like these are to prevent shortcuts that would serve business goals while at the same time be detrimental to human goals.)
If our company had to delete all customer data for a particular customer, then I would need to:
restore 6 months of database backups individually, remove the data, then run then take and store each backup again.
have 3 years worth of tape backups shipped back to us from our data protection company. Restore the databases off of them, delete the data, store them back on tape, and have them shipped back to the long term storage facility.
I think soon enough, privacy is going to become a serious competitive advantage for Europe because it'll translate into consumer confidence and business confidence .
If anyone reading has some suggestions for EU based alternatives to popular websites/apps I'd love to hear.
Just this year, EU regulations destroyed my LTE data plans, hugely increased my cost of Swiss travel (the same) and ruined my hobby because terrorism.
I don't see how this law benefits anybody except filling up the EU budget by collecting fines. The companies are already careful with their data as any leak would affect their image extremely negatively.
If one needs a good example of why Brexit happened, here it is.
Less sarcasm, more thinking. Shocking as it may be to you, even people you politicially disagree with may have a point or two.
And they're not startups, just small businesses, the difference being mostly the funding. Investing a million for some people to burn through and say "yah, that didn't work" is very much unacceptable.
The fine is also based on the revenue of the parent company. Say that Nest would be fined, then the revenue of Alphabet Inc. would be used as a reference point! A good enough incentive to make sure that all parts of your operations are covered :-)
Well, GDPR is a big topic, and it not yet clear how all the provisions will be implemented. It is not that different from the (currently valid) Directive, but it does clarify certain points, and makes much more stringent penalties, as mentioned in parent post (the fine is actually 4% of the global revenue, or 20M Euro, whichever is greater).
The changes in respect to the Directive are, in short:
• GDPR applies to the processing of personal data by controllers and processors in the EU, regardless
where it takes place
• Penalties – up to 4% of annual global turnover or 20M€ (whichever is greater)
• Consent – conditions are strengthened (clear and plain language, explicitly related to the
processing, easy to withdraw)
• Breach notification
• Privacy by design
• Right to be forgotten
• Data Protection Officers
• Right to access
Different comment points out that the Regulation, unlike Directive, makes GDPR valid in all EU countries, and this is true. However, the EU states are free to implement their own data privacy laws, which of course, need to be in line with the GDRP. This may potentially introduce legal inconsistencies across the EU for certain points.
Also, one should not underestimate the legitimate interest of the service provider, or controller, to retain the data, even if the user has asked for the data to be removed. The data may also be retained by the request of relevant public authorities, etc. One comment has suggested what will happen if the EU citizen requests the removal of it's data, while the US public authorities asks for access to this data. In this case, the relevant EU public authorities may request for the data to be kept (or not, I guess this will be decided on case by case, also the provider may have a legitimate reason to keep the data..).
And of course, the biggest problem, the transfer of data to non-EU countries. For this, there are several ways to do it, one is mentioned already, i.e. user consent (which must be clear and unambiguously given, and can be revoked at any time). Then, of course, there are contracts, binding corporate rules, etc. For EU-US transfer, there is Privacy Shield for transfer of data to US (which is a replacement for the Safe Harbor, stricken by EJC), but this is mostly for commercial services (so it does not work for academic environments..).
There are some other interesting aspects to GDPR, but this post is already getting a bit long. For more info, these links are interesting:
 https://aarc-project.eu/aarc-infoshare/ -- for academic environments..
There are multiple WP29 interpretations on various points (some of them are actually human readable, not just legal talk..), etc. In any case, it will be interesting to see all these developments in the future.
[Edited for mistakes..]
Not quite. That sort of fits the current model, such as Facebook not deleting data, just restricting access. In this case, data should be marked for deletion, "within a reasonable time frame". Data controllers may not retain the data indefinitely, no matter how much they want to.
In practical terms, the implementation of that will probably be influenced by the fact a user should be able to download all their data without hindrance, (Data Portability).
The "states shall not impose any obligations" is a great thing, but "shall ensure that ... guaranteed ..." isn't so much. Your Parliament basically tells you how to write your software, and while this particular cause may be good - the general concept isn't healthy.
Granting governing bodies this level of control... that must require exceptional levels of trust in those bodies and all future ones that could be their successors. I'd argue that it's better to have the very contrary thing - a ruling that no governing body may ever dictate how one can secure their communications and how they can't (or, in more general terms - how one can write their software). Oh, and keep the "states shall not impose" clause, of course.
Yes, that leaves data-miners with their messengers still vulnerable, but I think it's less important than a general non-interference principle. And I'm for having fines for calling non-E2E messengers "secure" if the wording may confuse user into thinking it's E2E - that's basically misadvertising. The issue is information gap and "clever" marketing - fix that and things will be good.
 It may be a problem for early prototypes, if they had started with UI/UX and a simple insecure "TCP socket server"-level stub for the messaging layer. Mandatory implementations are always a barrier.
Buildings have strict construction codes, and this improves the overall quality of buildings. If developing software is to be more like other professions, it should strive to move in this direction
As many other regulations, construction codes are there, because otherwise unrelated people lose property, get injured or even die. A building may deprive neighbors from enough sunlight, and that is unhealthy, so there are standards for insolation. A badly done electrical wiring can overload or short circuit - and the fire doesn't know about property ownership and jumps onto the neighborhood.
In a imaginary scenario, if one's on their own land, with no one else around (and no woods to burn, no basins to pollute, etc etc) - I don't think mandatory state building codes would make any sense. And in the virtual space, things are frequently just like that - if something goes kaboom, it only impacts that system. Of course, some exceptions apply (NTP DDoS amplifiers, misconfigured MTAs or hacked websites abused for spam, etc).
And I think IM apps are very different from housing. Usually, compromised communications do not have any impact on third parties. And when they do there are usually provisions for that, e.g. HIPAA.
And its users. Unless you're the one living in the house (in which case I agree, do whatever you want) there has to be a certain guaranteed safety so the roof doesn't fall down on its tenants. I don't want to be a civil engineering expert to choose the place where I live; I expect the plumbing to work and the electricity to be safe. Likewise, a software user shouldn't have to be an expert in order to get safe software.
Most commercial software products aren't pieces of art, they are pieces of engineering like cars and bridges, and should behave as such
(Of course, there is software that is more akin to pieces of art; videogames come to mind. Even then, they shouldn't compromise the privacy of unsuspecting users)
Users are part of that system. If the system in centralized - it's a bus, not a car - if it crashes, everyone get injured. (BTW, should EP mandate distributed architecture or 6-nines SLAs? Reliability is as important as confidentiality.) The real problem is not that communications aren't encrypted or something. It's that users aren't aware what they get and what they don't.
> I don't want to be a civil engineering expert
Neither do I. But regarding software - I don't need to be an expert to hear "we can't access your messages even if we would want to". Why need government for that? And why make it mandatory? I just don't see your point except for analogies with other professions. What's the point of programming being like car manufacturing?
Personally, I want to be informed but free to chose whatever fits my requirements. That doesn't work well for buildings and cars (for the reasons I've mentioned in the parent comment), but that works very well for software. Non-mandatory certifications and attestations works just fine - e.g. we have IM software audited.
Interventions may be necessary if no one builds E2E messengers (assuming there is a demand - and there is), or all existing software is unusable. But I don't think the communications software market is that unhealthy.
And as I've said before, if someone advertises something as e.g. "100% secure" or "we can't read your messages" but it's false - that's basically a misadvertising.
Where I'm from (Russia), we had (and still have, to a some extent) a lot of competition in ISP space. This had happened just because government weren't particularly looking at that direction at the time (90s and early 2000s).
If one ISP did some weird stuff that upset customers, the market had actually worked and they lost profits, making them reconsider. This may sound weird, but that really was like that - "power" users were vocal, and word of mouth did spread fast. And absence of NN allowed ISPs to do things that were actually beneficial to the customers, like routing specific traffic differently so e.g. gaming would be smoother and files would download faster. Just because content customers meant good reputation - a stable userbase with steady growth. So I don't believe NN is a good idea if the market's right. It only makes sense if it's bad, with a few giant telcos and no competition.
[Edit: ignore this paragraph, please. I'm keeping it, but indeed it's a long stretch.] When the government decided they're going to get a grip on the tubes, things immediately got worse. No NN here, though, just censorship - a great pile of unsound kludges with mandatory monitoring and automatic fines if something goes through. But NN here would've killed tiniest ISPs just as well.
That's just how I see things. It very well could be that I'm mistaken here.
The problem in the US is the telecoms are divided across neighborhoods in a way that you don't get a choice. I only have the option of Comcast at my apartment building, it's that or no internet / use a 4G hotspot / satellite maybe? My parents house is similar, AT&T offers internet, Comcast only offers it as a package with cable tv. Both just began offering maximum rates of 30Mbps down / 6Mbps up this year! And this is in the suburb of a major city.
So when my ISP pulls crap, raises prices, or does something else I disagree with, I can't just change providers without also making several lifestyle changes.
My overall point was unrelated to what the current government does, though - it was that absence of NN can be beneficial - but only if there is a lot of competition, so when not being neutral doesn't help customers but hurts them, there is a proper feedback loop that makes ISP either have losses or reconsider.
Yes, I still do, and feel the same way.
I don't yet feel that I understand US realities well enough to be able to have a proper, informed opinion. Still, from what I've heard, there is very limited competition in a lot of areas, when there are essentially mono- and duopolies. In that case, NN may be beneficial, as it acts as a safeguard, as consumers can't vote with their feet. If things are really bad, I think I'd be for NN, but I'd really prefer there'd be some "this must be carefully reviewed in 4-5 years" clause. Otherwise... I'm not really sure, sorry. But, either way, I'd support those who seek to improve ways for new ISPs to start up and grow, as I've heard the entry barriers are very high in the US.
I got selected in DV 2018 lottery so, hopefully, if I'll get a visa approval, I will have to form a proper first-hand opinion in some years. :)
> The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
If I'm going to play devil's advocate, this sounds like a European DMCA in the sense that it will prohibit removal of DRM, and tools which assist such removal.
In other words, this would constitute a ban on domestic SIGINT operations ala PRISM.
Think a proprietary streaming service client which you pay to have a license to use. Combine it with enough layers of HDCP and shitty illegal-to-break crypto and they'll have managed to plug your analog holes.
In other words, intent matters; we only pretend it doesn't (and let the legal system sort it out) because it's too hard to express into computer systems.
Reporters are picking up on it because it's unusually conciliatory - Commission (i.e. lobbyists), Council (i.e. governments) and Parliament (i.e. people) all seem happy to let it go through, in an area where nation-states have recently been quite belligerent versus their own citizenry. This could be a watershed victory for civil rights on par with FOIA laws, and it might happen after little or no unrest, which would be remarkable.
Or opensource client applications for proprietary messaging systems, though those get rarer these days.
This should apply to state-of-the-art encryption and only to third parties.
Note that this article is about the European Parliament, which indeed acts very often in the interests of us, the European citizens.
However, that one is not the "European government". More precisely, it is only one part of it (depending on how strict you want to draw your analogy).
This is really a pity! There should be more power to the European Parliament.
On the other hand, if the European Parliament had more power, lobbyists would engage with it much more than they do now. So maybe it would then become as biased as all the national parliaments. However, I really hope that the European Parliament is able to retain its quality if it gets more power, which is why I'm a strong supporter of giving more power to the Parliament, and consequently taking power away from the Council and the Commission.
While we are at it: If you haven't already done so, you should go and become a regular supporter EDRi. It is one of the very few civil rights organizations that act on European level (not just national level). They achieve astonishingly much, given their low budget. Imagine what they could achieve with a real budget!
This is no surpise. Note that the European Parliament is not allowed to initiate new laws, so any new law has to start at Council/Commission, almost by definition.
(As I said: The European Parliament should get more power. Where else do you have a parliament with a missing right of law initiative? WTF?!)
All they can do is trying to shape the law proposals by Council/Commission into a less hostile version. Sometimes they are even able to turn things around, but that works not very often.
As a subject of Her Brittanic Majesty however, I'm about to have that citizenship forcibly removed. The only other option appears to be to become a political refugee. Like if a third of people in your region voted and suddenly you were no longer to be a national of the country you were born in; it's weird.
Is one is younger and hold higher education, one can more freely move between nations.
But if one is older, more settled with family and such, and perhaps has done industrial work for most of ones life, i suspect one see less benefits from EU. Heck, some of the directives may be seen as disrupting hard won job security.
The structure is very close to that of a very powerful intergovernmental body, though, and there's not (yet?) a strong European polis/sense of shared identity. The democratic aspects of the EU as itself (rather than as a confederation of themselves-democratic national governments) are underdeveloped.
I don't know about that, there presumably has been research/surveys on it but are you making the statement based on assumption?
Even in the UK which is geographically separated, outside the Schengen area, and not part of the monetary union there is still clearly a lot of people who feel European.
In practical terms, as someone else stated, European Parliament elections are conducted as a series of more-or-less isolated national campaigns, with a weak sense of a body of citizens making a decision as a continental group.
This is perhaps beginning to change, with the Europarties nominating explicit lead candidates for the presidency of the Commission at the last Parliament election, which provides a certain cross-border unifying factor. It's notable that in my country (the UK) these candidates were barely mentioned, though, and the race was treated as a proxy fight for future control of the Westminster parliament, or as a chance to elect eurosceptics to protest the EU as a whole.
Still, it's easily the most democratic part of the EU government, and should definitely have more power.
It is easy to represent someone when you don't have much power. It becomes harder when you have power. Maybe different people seek to become MEPs for example. As today it is not a very highly regarded political job IMHO.
But with greater power comes also greater media attention, I hope, and therefore more accountability.
I've read a couple of his books and I've definitely become more skeptical of how the EU is currently structured (although still a Remainer) and much more sympathetic to the plight of the Greek people.
Moreover, given his political work, we can safely assume that he gained quite a lot of insights into the inner working of the EU. So his personal opinion that results from the experience is anything but irrelevant.
It's also a way around the democratic deficit, though in reality the deficit is in government to government horse trading with plausible deniability ("the EU made us do it!"), not anonymous bureaucracy.
In the USA the federal government is seen as the "real" one and the States are the also-rand. In Europe it's the other way round. MEPs are elected really as proxy popularity polls on the home parties. And they undergo very little scrutiny of their actions at home. It's only when EU runs counter to a home country "third rail" that it gets reported - for example changes to agricultural policy. this is its strength and weakness (if every road and job susbsidised by EU was branded with EU logo on the pay packet (1,045 euros this month came from EU!) then it probably would be looked on differently.
The EU is mostly a positive boon for the world. But the lack of scrutiny leads to no system of checks and balances - which is not good in the long term.
In tech policy there are either no home country policies entrenched, or the different sides are not deeply entrenched (Security agencies love spying on email of course but it's only a decade or two)
So a sensible policy wonk can lay down really useful guidelines that help everyone. Because it so early in the game.
Being a sensible policy wonk and trying to fix agricultural subsidies where there are centuries of ingrained compromises is much mich harder
Trust me the UK gov is not down with this idea
This is painfully true, and the biggest hurdle IMO to solving the perceived "democratic deficit" of the EU.
MEPs should be banned from using domestic party branding on their material, and have to canvas themselves based on the bloc they plan to align to in the EU, and what that stands for. Only then do you have a hope of people educating themselves on which EU parties/blocs align with their own ideologies.
At the moment, standing based on domestic parties in an EU parliament election has about as much relevance as someone in a general election saying "Vote Jones, member of the local football club", but leaving off their party affiliation.
MEPs align themselves with the bloc their party is aligned with.
Perhaps it would be better if political parties had to include the branding of the European Parliament political group they're aligned with on all campaign materials (I'd go so far as to say this should also apply to national and local elections, if EU citizens can vote in them).
I disagree, that's like saying — MPs are allocated per constituency, voting based on local policies is the entire point of an MP. It's definitely a factor, but how many people voted in the last UK election based on having "a good constituency MP" rather than the party positions?
I think an MP's main job is to make legislation for the country as a whole — yes, she should inform her opinion through the lens of her constituency and her constituent's opinions, as well as her own, but she shouldn't only vote for things that affect or benefit them directly. So similarly, I'd want my MEP to make good European acts of parliament for the EU as a whole.
Telling me they are a 'Labour', 'Lib Dem' or 'Tory' affiliated gives me a hint as to their ideological background, but it's no match for something like the voting blocs issuing their own manifestos for how they'd like the EU to progress and develop.
I think if people want the European Parliament to become more accountable, you have to start engaging with policies (and politicians) at a supra-national level.
Of course MEPs are going to need to consider the EU as a whole, because in order to advance the goals of their constituencies they need to cooperate with the MEPs representing everyone else (and other EU institutions).
But expecting that you can ban MEPs from being a product of national politics or national political branding would be folly and undemocratic. That's what the EP is for, it's there to represent voting blocks within the nation-states that make up the EU, MEPs are explicitly not voted for across national boundaries.
Targeting MEPs to solve a perceived "democratic deficit" in the EU seems bizarre. They're the only directly elected institution, and they're the most locally accountable EU representatives or institution.
It seems to me what you'd like to accomplish here would be better solved by making the 28 members of the Commission directly elected across national boundaries by the entirety of EU citizens.
Then again, it looks like UK is about to leave the union, so their ability to influence policy at the European level is fairly limited at the moment.
 I would not be surprised, though, if both sides just dragged the exit out long enough so nobody will care about it any longer and then quietly drop the issue.
Also, most of us EU nationals don't see EU structures as very democratically responsive. Fairly sure most of us only send the B Team to the EU parliament. E.g retired national politicians, or people who couldn't get elected for national parliaments. Also, it gets a lot less coverage than national parliaments, so members are free to vote on random things without the same amount of scrutiny.
I wouldn't call 'retired national politicians' the 'B' team, those are more likely the 'A' team, no longer worried about their career they are much freer to operate than their national counterparts, besides that they have lots of experience.
A Dutch example:
But the Europarliament does seem to get used as a training ground for national MPs.
But there are definitely examples of driven 'A' team politicians in the EP. And those are more easily heard because of the lack of attention to the laid back types. So the possible higher amount of the latter isn't even an all black-white bad thing.
And since many are positive about the results of the EP: does it even matter?
Whilst I got the same feeling, this really needs to be backed up by data. Do you know any reliable polls about it?
I have asked for numbers and the elections in different European countries this and last year did not show majorities of anti-EU feelings.
Netherlands, France, Austria, Spain, ... am I missing something?
The fact is only Greece has a majority that dislikes the EU (I'd say for obvious reasons). Not even the UK is polling that way right now.
"Since 2012, there has been a steady increase in Parliament of the fight against terrorism and respect for individual freedoms as a priority policy for the European Parliament, and this is now in second place (42%, +8 compared with 2015).
Meanwhile, some other indicators remain relatively unchanged. A clear majority of Europeans still believe that being a member of the European Union is a good thing (53%, -2), and that their country has benefitted from this membership (60%, =).
Likewise, around seven respondents in ten think that there is more solidarity amongst Europeans than issues which separate them (71%, -3). Nearly one European in two also shares the opinion that a harmonised social welfare system reinforces their feeling of being a European citizen (46%, +1).
We also noted that the neutral image which Europeans have of the European Parliament (44%, -2), and the more significant role which they want to see it play (46%, +2), are two indicators which also remain stable. In addition, Europeans remain well informed about the European Parliament.
Finally, other results show a decline in this survey. For example, Europeans feel that their voice counts less and less, both at national and at European level. However, in 26 of the 28 Member States, they felt that their voice counts more in their own country (53% in average, -10 compared with 2015) than at EU level (37% in average, -2). When asked about the future situation, Europeans are increasingly pessimistic, both in the EU (54% « things are going in the wrong direction », +13 compared with 2015) and in their own country (58% « id. », +14),
Among the various elements of European identity, a significant decline in the single currency as one of the essential elements is also noticeable (33%, -6), particularly in the Euro area."
I can't endorse those feelings so you can't ask much more out of me playing devil advocate.
Granted, it would likely change it more controversial topics was handled by EU.
That was how the data retention laws were established before the European Court of Justice decided that it was illegal/unconstitutional (unsure what term to use here).
Also note most European nations have dramatically reviewed the election systems many times over the years. I believe France is at its fourth constitution :)
US and UK doesn't exactly have modern election systems, it works a bit better in the UK because it's smaller, but brexit still happened..
I imagine the 3rd option (UKIP's favourite) would be the least popular and the EEA option "soft brexit" as the winner - which I feel better reflects voter sentiment... and voter ignorance: as EEA members still pay money to Brussels and are subject to regulation on goods and immigration. At least it would have made it clear to everyone in Whitehall that "hard brexit" was/is unconscienceable.
I'd actually bet that had you suggested this a year ago, the people on the remain side would be loudly objecting to it, rather than the other way around.
I suspect most people sufficiently informed about all the options would have voted 'No' already, as with that knowledge would come understanding of the risks voting 'Yes' would entail.
Are you trying to solve an ignorance/emotional/populist problem with logic?
The smallest percentage turnout in the EU Referendum was by those aged under 25. However, the largest percentage of Remain voters were also in this age group . If voting was compulsory in the UK, it's reasonable to assume the extra under 25 voters would have swung the result the other way.
Such systems were "progressive" back in 1980's, remember.
Oh, more than that. It's on its fifth Republic, but there were also a few constitutional monarchies in between.
Source (German): https://netzpolitik.org/2017/staatstrojaner-bundestag-beschl...
I expect that the law will be shot down by the Bundesverfassungsgericht (Germany's Supreme Court), but it will be a few years until that happens because these processes take time.
Don't worry, US and UK will get there.
Or will it turn out like the cookie legislation: potentially good in theory — that you should have an opt out to non-essential tracking cookies — but because of vague hand-waving around implicit opt-ins and not forcing firms to distinguish between essential & non-essential cookies, means the only outcome is an annoying banner on every website and no real effect on end-user privacy.
If we had perfect encryption on all devices and no government would be able to listen in on anything (spoken conversation, mails, whatever) we would be pretty much back to where we were a couple of decades ago. I suppose the government would need to employee more real people to monitor other real people.
Is there any way we could have encryption / security with a state actor still being able to decrypt the data if needed?
I'm not saying that I personally am for the state actor, but I'm just imagining a scenario where all communications of bad actors would be via encrypted channels. No possibility to gather chatter, no possibility for rumors, everything encrypted and hidden. I mean this is the scenario state actors are afraid of, and frankly I would be too.
How would we live in a world with perfect encryption? More anonymous, sure. But safer?
I'm really trying to see "the other side" (state) right now. Help me out and tell me how we can have perfect encryption, but don't undermine security / possibility of investigation.
Most of the recent terrorist acts can be traced to different organizations that only exist because of military/economical interventions that happened a few years, or even decades ago. In a broader sense, many can even be traced to the aftermath of the first world war and how the Ottoman empire was split, and the interventions that followed.
What I'm trying to say is that this is not a "inherent" problem in western society. They were created by misguided actions of the past (and current) generations. The techniques and methods used by these actors are just details. You could theoretically spy in everyone like the US or UK governments want, but ultimately the criminals can easily be one step ahead of them if they want and try just hard enough. They can switch to other method or just pay some hacker group to create software for them if they were really organized.
Think of the prohibition in the US. Did it really stop alcohol consumption? Not at all. And a few years later everyone realized how stupid that idea was and the whole prohibition was scraped.
Ultra-conservative strains of Islam are big losers to the West's cultural influence, even in the absence of Western military and diplomatic intervention in the Muslim world. Western economic and cultural might is a threat to their value system and way of life, and some are willing to kill to defend it. Within the United States there has been left-wing terrorism (e.g. anarchists in the early 20th century or the Weather Underground) and right-wing terrorism (e.g. the Oklahoma City bombing).
We cannot always avoid arousing the ire of hardcore radicals.
>but ultimately the criminals can easily be one step ahead of them if they want and try just hard enough. They can switch to other method or just pay some hacker group to create software for them if they were really organized.
They can, but thankfully most people seeking to do us harm (and most people in general) are incompetent. Even the most seasoned computer criminals get careless and make mistakes.
People wishing to do us harm don't need computers at all. Just look at the 3 attacks in London in the last few months (Westminster, London Bridge, Finsbury Park). All that is required is a driving license to rent a van and the want to drive it at people at speed. Any person willing to do harm can go out and do it this afternoon without any planning. If we give up our freedoms so that the government can spy more effectively the terrorists will just do more of the above style of attacks.
Do you really think an entire population will just accept a foreign nation obliterating their lives completely, without at least a small amount of revolt groups wanting revenge? Now that would be naïve.
You mean the same strains that have been repeatedly propped up  by the western powers?
It would make sense if spending had gone down as more monitoring was added, but to my knowledge funding has instead been going up. A reinvestment on low technology solution is mostly just shuffling of funds for one area to an other.
> where all communications of bad actors would be via encrypted channels.
It is really hard to encrypt a physical meeting, and even harder to encrypt ownership of guns, bombs, stolen goods or the intent to hijack a truck. The evidence and police work needed to stop and convict criminals in a society with encryption look very similar and practically identical to the work needed in a society without encryption.
Other bad actors seem benign in comparison. A fundamentalist organization can clock up hundreds or thousands of kills but a bad state actor is usually along the lines of millions of lives negatively affected.
There's also no indication that bad actors need encryption at all. In several of the recent terrorist attacks, in some cases information was easily retrievable but was not investigated due to an overwhelming amount of people to monitor. It seems like states have no issues collecting data but sometimes struggle to actually use it to stop terrorism.
That question is indeed addressed if you read the article. Toward the end:
> "There are lots of existing techniques law enforcement can use," Dr Steven Murdoch, a cyber-security researcher in the department of computer science at University College London told the BBC News website.
> "One of them is traffic analysis, which is looking at patterns of communications, eg who is talking to who, when and from what location.
> "The other one is hacking - equipment interference in British law - which can happen before data is encrypted and after it's been decrypted, so there are still ways for law enforcement to gain access to information."
If the E.U. is considering this legislation, you can be sure the member countries' spy agencies are confident in their ability to hack and do traffic analysis.
Probably a better (though still highly theoretical) way to phrase your question is this:
How would we live in a world where there are no bugs to exploit?
My view is - why is that a bad thing? We didn't live in some crazy unsafe time then and I don't think it'll be any different now.
However what if I was wrong and the world did become less safe? We need to start looking at 'safety' thorough the bigger picture. If this regulation really did make it harder to catch e.g. terrorists and there were 1-3 more attacks a year with 50 deaths total should we give up our privacy to prevent that given the consequences of giving up privacy to save those 50 lives? That loss of life would obviously be tragic but in the grand scheme of things it's a tiny number. I've seen governments take away people's freedoms to stop violence and keep people safe. It generally doesn't make much difference. And if we let the government take away this freedom how long until they take away another? How long until we start letting them take away freedoms that only serve to frustrate the bad guys and fuel further violence (again this has happened in the past).
And if you are hoping that it would be easier to spot these truly encrypted communication channels then, not really a chance, there are already too many options how you can hide the data in the skype stream images, websockets and so on.
Apart of course from the fact how bad idea it is to let state actors access all this information. Sooner or later they will be breached too, by other state actors or Mallories, regardless of their intentions.
That's like saying people have the right to life but government can murder anyone they want because they are the government. It's silly and meaningless. Rights are to be protected even when the government is against them, perhaps even more so in such cases.
Just because it is technically feasible to do something doesn't mean there is some obligation to do it. We should treat external parties intercepting our traffic the same way we would treat those third parties trying to install microphones in our houses to listen to us.
Talking cryptically comes so naturally that close siblings and friends evolve their own dictionary just for fun.
Removing encryption will not change this.
There are, and there have been, they're called back doors and they are a bad idea, because you cannot guarantee a state actor having sole access - if there is any way to get to data besides the main gateway (e.g. having a private key), it's insecure and potentially hackable by people that are not said state actor. Even if it's fully secure, there's still the risk of human failure - leaks, espionage, accidents. Then all your data would be up for grabs.
The UK has never suffered occupation under National Socialism or Soviet Union like most of Europe did so we don't have the same fear of authority creep, which is unfortunate because it absolutely is happening here.
People in the UK are infuriatingly trusting of their rulers.
No, just the readers of the reactionary black-top press.
What's infuriating is erosion of civil liberties that has happened under both Labour and Conservative governments in the past 30+ years - I blame it on the fundamental design of the office of the Home Secretary - whose job-description is seemingly to always put matters of national security (and the reactionaries' opinions...) above such trivial concerns as privacy or liberty. Fortunately this trend can be reversed if an equivalent opposing office, a hypothetical "Secretary of Sensibleness", existed with veto rights over the Home Secretary.
I thought we came close with the new Secretary for Culture, Media and Sport, but it seems like a holding position for unwanted or up-and-coming MPs than a position of any consequence (London Olympics notwithstanding).
Is it really so much to ask for a democratic Socialist party that favours protecting civil liberties? One would think it's in the interest of the proletariat. Oscar Wilde would be in favour of it.
The issue here is that Labour governments under Tony Blair and Gordon Brown were decidedly NOT leftist. They were very much a Tory-lite neoliberal party. Remnants of those priests of a dying religion still plague the PLP today and spent the better part of Corbyn's leadership attempting to undermine him.
My MP is Angela Eagle. A self-described socially progressive lesbian that you would imagine would be on the side of civil liberties and democracy, yet her record speaks for itself;
- Refused to vote against Tory welfare cuts
- Voted in favour of the war in Iraq
- Voted in favour of the bombing of Libya
- Voted three times to block investigations into the decision to go war in Iraq
- Voted in favour of national identity cards
- Voted in favour of Theresa May's Investigatory Powers Bill (legalised mass surveillance of Britain)
She is the kind of 'leftist' that made the Labour party utterly right-wing.
If I lived in England (I don't), I'd be pissed I couldn't vote for the SNP. They seem to be the only sane party there. It would be interesting to see them gain seats south of the border.
It's a real shame what the options have been in terms of electable leftist parties and policies in the past few years, so I'd very much agree with you. As to what Corbyn is going to do about it, I don't know, but I'm not a pessimist in this regard.
These would be drawings of child pornography, just to clarify.
In terms of the principle, the actual content shouldn't matter in the slightest.
From the outside, hilariously, it looks like both sides claim the same ultimate goal.
But then again they might say the same about my wish to remain part of the union.
I value effective regulation, worker protections, considerations of civil liberties and democracy and I made a choice to vote remain in the EU knowing full well that it is far from perfect.
I trust the EU to act in my interests a hell of a lot more than my own country's shit-show of career-politician Eton schoolboys, unelected Lords and sycophantic royalists embodying the very notion of hereditary privilege.
The agitators mostly seemed to come from the second group but were happy enough to stoke the fears of the first.
Neither group appeared to have any coherent arguments to me.
Those on the (far) left in the UK see the EU as a fundamentally a capitalist enterprise as it is about free trade and ensuring supplies of cheap labour to keep wages depressed.
The UK is a mixed economy, we have both Capitalism and Socialism and we like it - our safety-net welfare state and the NHS save lives everyday.
EU membership is a shield for former soviet satellite states to join the West and escape Russian influence.
The main leave "argument" was £350,000,000 was being given to the EU and could save the beloved NHS - this turned out to be a downright lie.
Many of the other popular arguments were equally false and fearmongery about out of control EUrocrats legislating on the curvature of bannanas and attacks on the British sausage and that farmers would be better off outside the common market - all very jingoistic.
It has emerged that there was a lot of carefully crafted individually targeted Facebook adverts that played on voters fears derived from personal data held outside the UK (and outside UK data laws), sadly these went undocumented so we may never know the extent of the falsehoods or their level of influence.
The UK electoral commission has expressed concern over this type of campaigning as no-one knows what is being promised or how much was spent on it.
There has been an effort to try to document these dark ads for the recent election where they seem to have been much less effective.
Many Brits feel conned as the referendum was pitched as being only advisory but is now being taken as iron-clad and a 4% majority of those who offered an opinion is very little mandate to enact such major constitutional change.
As the realities for science funding, farming subsidies have kicked polls are reporting many Brexiters have changed their tune. Goldman Sax's relocation to Europe is a bellweather for the realities for the financial industry which is close enough to Tory hearts that one hopes they'll snap out of their dreams of Empire and Commonwealth.
Hopefully the staggering level of incompetence so far demonstrated by David Davis' negotiating team will be the rope that hangs them and we'll get a second real referendum.
The alternative Red White and Blue Hard Brexit promised by Teresa May is not good for anyone in the UK unless they are shorting the pound.
This is not really accurate.
Firstly, the majority that initially voted to leave was 37% of the population. As far as I am aware that number has slightly decreased in terms of supporters, but even if the opposite were true it is still less than half of the population that actively support leaving.
Secondly, these MP's are only 'pro-Brexit' insofar as they know it has to happen regardless of their own beliefs and coming out against it now would be political suicide. No matter what you think here, in this last General Election people did not vote for parties based on their Brexit stance. They voted based on whether they wanted 5 more years of Tory rule. Tht issue was a far higher priority than Brexit.
I'd have voted LibDem but you only get one vote and my main concern was "try to halt NHS privatisation" leaving me to vote against the Tories and so for whoever has most chance of winning against them.
There's no scope in General Elections for any nuance in voting.
LibDems openly supported this line, "vote against the Tory party".
Meanwhile in Scotland it seems SNP lost votes not because of their governance, per se, but because people were using it as a proxy for voting against a further Scottish referendum.
This doesn't work so well under the UK's First Past The Post system.
If you wanted to get the Tories out then feeling one was throwing away a vote for the Lib-Dems in a seat were they are too far behind is one argument for proportional representation.
Also the Lib-Dems lost a lot of trust with the coalition with the Tories, many left the Lib Dems as they felt betrayed by this.
That last assumption may end up not to hold water in the longer term.
Homegrown oppression over foreign freedom.
The only repeat referenda seem to be ones where:
1) a motion was denied
2) ammendments were made to change or garuantee parts of the motion
3) the motion was subsequently passed
In the anti-EU crowd, this has morphed into "repeatedly re-run a referendum until they get the result they want"
I'd be interested to see what authority creep you think is happening in the UK right now. I can see no evidence of it.
A large portion of the UK has no idea how encryption helps them and believe that criminals and terrorists should "have nowehere to hide".
But what about dumb criminals? From what I read both the London Bridge attackers and Manchester bomber are dumb as dogs__t. They'd probably use whatsapp even if it wasn't private simply because it's popular.
(I support private communication, and think not being able to catch some criminals is a reasonable price, but many others do not)
As is, many government agencies databases seem to be filled to the brim with false-positives, making it impossible to spot the actual dangerous people among the hundreds of thousands (if not millions) of "suspects".
Maybe they believe that more data will make it easier to figure out who the really dangerous people are? But that whole idea is still based on concepts which pretty much boil down to precognition of how individual humans gonna act, an impossibility.
Guess a few people took Minority Report a tad bit too seriously and didn't get the message at all.
The reason you make it illegal is that then you can, with Rule of Law, take action against it.
You're (extremely naively) correct in saying making Terrorism (and associated activities) illegal is likely to have little direct effect, but if it isn't illegal then authorities subservient to the Rule of Law are impotent to act against it.
Assuming your comment is not that naive, what's the purpose of the comment? Unless you're advocating return to feudalism I can't see anything positive in your thinking here.
What am I missing?
You're right to contend that simply adding more laws doesn't help further in general. But that's a considerable climbdown from the position implicit in your post upthread.
The jaded tone is likely due to laws being created for the 'drug war' and 'terrorism' quickly impacting ordinary citizens, while having relatively little effect on the groups they were purportedly created for.
But I guess it's "racist" to take action on that
This was a long running set of crimes that had severe impact on the victims, and there were very many victims.
Investigating people before they are terrorists is complicated by things like human rights. But raping children is always, unambiguously, wrong.
Those decisions not to investigate or prosecute were also made by police in Rotherham. Police were well aware of the extent of the criminality, and chose not to investigate or prosecute.
> Within social care, the scale and seriousness of the problem was underplayed by senior managers. At an operational level, the Police gave no priority to CSE, regarding many child victims with contempt and failing to act on their abuse as a crime. Further stark evidence came in 2002, 2003 and 2006 with three reports known to the Police and the Council, which could not have been clearer in their description of the situation in Rotherham. The first of these reports was effectively suppressed because some senior officers disbelieved the data it contained. This had led to suggestions of coverup. The other two reports set out the links between child sexual exploitation and drugs, guns and criminality in the Borough. These reports were ignored and no action was taken to deal with the issues that were identified in them
> Some at a senior level in the Police and children's social care continued to think the extent of the problem, as described by youth workers, was exaggerated, and seemed intent on reducing the official numbers of children categorised as CSE
It was lack of authorisation to act, and even that does not come from any "austerity cuts". It comes from the difficult balance of citizen's rights to "freedom of expression" and "privacy" and "right to family life" and so on.
The silly part is simply that foreign citizens can preach violence but they can't be deported.