privacy

Wikimedia France: new anti-terrorist bill exposes users to mass surveillance

Remember when we learned that Wikipedia was a target of widespread NSA surveillance? Wikimedia Foundation challenged the NSA program siphoning communications directly from the backbone of the Internet in the court. Today in France we may face a similar issue in the form of a new antiterrorist law that would add a grave threat to privacy to the censorship of the Terrorist Content Regulation. 

Protecting Wikipedia from mass surveillance

In May 2013 Edward Snowden revealed the existence of several American and British mass surveillance programs. The Wikimedia Foundation and other non-governmental organizations such as Amnesty International and Human Rights Watch have filed a complaint against the NSA, accusing it of violating the first and fourth amendment of the American Constitution, and of having “exceeded the authority conferred on it by Congress”. 

As a result, on June 12th 2015, the Wikimedia Foundation announced the use of the HTTPS communication protocol for all Wikimedia traffic, with a view to countering the mass surveillance exercised by the NSA, which took advantage in particular of the inadequacies of the non-encrypted communication protocol. 

Now, over to France

The new proposed French anti-terrorism bill fits well in the mass surveillance trend, attacking fundamental rights of online users. Presented by the Minister of the Interior, Gérald Darmanin, on April 28, it proposes a number of security measures inherited from the state of emergency of 2015 and the law of 2017 on internal security and the fight against terrorism. It also validates tools such as “black boxes”, responsible for detecting terrorist threats using user connection data, while expanding their use.

Read More »Wikimedia France: new anti-terrorist bill exposes users to mass surveillance

E-Evidence: trilogues kick off on safeguards vs. efficiency

The Regulation on European production and preservation orders for electronic evidence in criminal matters (E-Evidence) aims to create clear rules on how a judicial authority in one Member State can request electronic evidence from a service provider in another Member State. One such use case would be requesting user data from a platform in another EU country during an investigation. We wrote about our main issues in the past.

What Wikimedia worries about

At Wikimedia we were originally  worried mainly about a new data category – access data. This would mean that prosecutors would be able to demand information such as IP addresses, date and time of use, and the “interface” accessed, without judicial oversight. In the Wikipedia context, however, this information would also reveal which articles a user has read and which images she has looked at. 

The second aspect we care about is whether the service provider’s hosting country’s authority will have the right to intervene in some cases where fundamental rights of its citizens are concerned. We know that unfortunately not all EU Member States have good rule of law records, which calls for safeguards at least  against potential systemic abuse. Again, knowing which Wikipedia articles or which Wikimedia Commons images someone opened is information that should be hard to get and only in rare and well justified cases.

Read More »E-Evidence: trilogues kick off on safeguards vs. efficiency

E-Evidence: Let’s Keep Reader Data Well Protected!

A new EU regulation aims to streamline the process by which a prosecutor from one EU Member State can request electronic evidence from a server in another Member State. As current procedures are messy, this is necessary. But the current proposal would also mean that prosecutors could request data about who has read which Wikipedia article without judicial oversight and without a possibility for the country’s authority that hosts the platform to intervene in case of fundamental rights breaches. That is worrisome!

The Wikimedia Foundation gathers very little about the users and editors on its projects, including Wikipedia. This is how the Wikimedia movement can ensure that everyone is really free to speak their mind and, for instance, share information that may be critical of a government in the country they live in. However, the Foundation’s servers do record the IP addresses of users who have accessed Wikipedia, and the individual articles they have viewed. In accordance with the Wikimedia community’s support for strong privacy protections, the Foundation keeps this information for a few months as part of the way its servers function before it is deleted. Allowing access to these IP addresses and the articles that the users behind those IP addresses have read — without judicial oversight — is the issue with the European Commission and Council proposals for an E-Evidence Regulation.

Read More »E-Evidence: Let’s Keep Reader Data Well Protected!