Posted by Emil A. Georgiev on 9 March, 2010
I guess every Internet and e-mail user has at least once received a spam, scam or any other sort of a junk mail in their inbox. So far, the system admins at my employer have always managed to filter such undesired messages. Yesterday, however, I received an e-mail that has apparently succeeded to overcome the protection designed to restrain it.
It is not the usual marketing spam telling you how to buy cheap watches or to enlarge certain body parts, but rather a scam mocking an urgent situation. The sender pretends to be Marina Encheva and the e-mail reads as follows:
How’s everything on your end? This has had to come in a hurry and it has left me in a devastating state. I travelled to UK for a volunteer Training Program (UTP 2010), unfortunately for me I was robbed and my wallet was taken at the hotel where I lodged. The Embassy only cleared me of my travelling documents and ticketing since I came in on unofficial purposes. I only need to clear the hotel bills before I can leave but ofcourse they stopped billing me since the incident. I didn’t bring my phones here and the hotel telephone lines were disconnected during the robbery, so I have access to only emails. Please can you send me £1370 as early as possible so I can return home. As soon as I get home I would refund it immediately, I need you to get back to me so I can let you know how to send.
I’m looking forward to hearing from you.
Regards,
Marina.
So what – could the well informed Internet user ask – spam should not bother you anymore in these days – do not overestimate it! To an extent that would be fine – I would reply – but there are not only well informed users surfing the net. The average users’ age is said to amount to 28 years and as a result of Web 2.0’s advent more and more minors are entering the net. No doubt, the Internet brings many advantages that oftenly show its bright side, but spam, scam & Co show definitely its dark one.
Spam mails are in the most times misleading or even fraudulent. Hence they have the potential to cause damage to their recipients. Yes, just look at the above spam mail and consider the “professional” drafting skill applied to create it. The most users, I am sure, would cross-read and then delete such a mail. A certain, maybe small percentage would read it carefully, and then spend some time questioning its authenticity prior to deleting it. An even smaller percentage might consider some support and probably contact the sender with an offer to help. That’s it, that’s how it works. This is what these guys are aiming at.
It is possible that the sender’s e-mail account has been hacked and misused by a wrongdoer. It is however possible that the sender is truly experiencing the described difficulties.
In any case, I will take the risk and have the sender, whoever she or he may be, wait for my reply until the cows come home.
Posted in communication, consumer protection, data protection | Tagged: encheva, junk e-mail, professional, spam | Leave a Comment »
Posted by Emil A. Georgiev on 16 December, 2009
Have you got an e-mail account on Yahoo! or do you use any of the services, such as messenger, groups or Flickr, provided by the Sunnyvale company? You were certainly aware of Yahoo!’s privacy policy, weren’t you? What you most probably did not know is the fact that Yahoo! surveil your personal data and then offer them to law enforcement at a fixed price. Not bad, huh?
Cryptome, a website hosted in the US that functions as a repository for information about freedom of speech, cryptography, spying, and surveillance got the ball rolling since it has obtained and made Yahoo!’s Compliance Guide for Law Enforcement available on its website. Seemingly, Yahoo! were not amused and served Cryptome with a takedown notice based on the US Digital Millenium Copyright Act (DMCA). Stretching copyright law for the purposes of preventing access to information is an interesting, albeit not novel, strategy. By the way, this is the reason why the DMCA and, particularly, its Section 512 has come under criticism – it causes a so called chilling effect on free speech.
So long Cryptome has not complied with Yahoo!’s demand and is still hosting the document in suit. It starts to get exciting!
Posted in copyright, data protection, privacy | Tagged: copyright infringement, copyright, freedom of information, freedom of speech, chilling effect, DMCA, ISP liability, takedown notice | Leave a Comment »
Posted by Emil A. Georgiev on 14 December, 2009
About an year ago I composed one of my first blog postings and asked “Will the data retention directive be fully implemented across Europe?”. The reason behind was the then pending decision of the ECJ caused by Ireland’s concern on the data retention directive’s grounds legitimacy and, the wrong way the directive was initially implemented in Bulgaria.
Recently, I covered the startling deciosion of the Romanian Constitutional Court that rejected the data retention implementing act due to inconsistency with constitutionally guaranteed and fundamental human rights, such as the right to privacy. Seemingly, this decision will not remain a single one.
In a hearing, appointed for tomorrow, the German Constitutional Court is expected to deal with the mass-complaint filed by nearly 35 000 citizens in which they ask the Court to abrogate the provisions on data retention. I believe the whole data retention concept would then fall apart, if the German Constitutional Court decided in favour of the complainants.
Press releases in Austria which, in my view, attempt to encourage the government in its Fabian position towards data retention, even call for a final ruling by the ECJ on the overall legitimacy of the data retention concept. In such a case, the ECJ will have to scrutinise whether the data retention directive is conciliable with the Charter of Fundamental Rights of the European Union that, together with the Treaty of Lisbon, is in force as of 1 December 2009.
Posted in data protection, data retention, privacy | Tagged: complaint, data retention, german constitutional court, implementation | 5 Comments »
Posted by Emil A. Georgiev on 27 November, 2009
The framers of the Data Retention Directive must have underestimated several factors in the course of its subsequent implementation. First Ireland brought a challenge before the ECJ then Austria still shows totally reluctant to implement. However, the big bang is currently unrivalled owned by Romania! This country’s Constitutional Court is the first to deliver a ruling that declares an act implementing the directive into a member state’s law unconstitutional.
Now, after Dracula and Johnny Weissmuller, Romania has, in the person of Prof. Iaon Vida being the President of the Romanian Constitutional Court, good chances to be awarded a third VIP contribution to the world!
Basically, the Court pointed out that the law on data retention interfered with following articles of the Romanian Constitution: Art 25 Freedom of Movement, Art 26 Intimate, Family and private life, Art 28 Secrecy of Correspondence and Art 30 Freedom of Expression. In addition, the Court examined Art 12 of the Universal Declaration of Human Rights (UDHR), Art 17 of the International Covenant on civil and political rights (ICCPR) and Art 8 of the European Convention on Human Rights (ECHR) and found them affected too.
The Court recognized in its reasoning that neither the Romanian Constitution nor the ECHR prohibited state authorities to interfere with the rights mentioned above on a general scale. However, the Court, relying upon the judicateure of the European Court of Human Rights (ECtHR) in Klass vs Germany and Popescu vs Romania, opined that such interference was permissible only within a narrow path, fenced by sufficient safeguards to protect a person against arbitrary acts of state authorities.
The Court further opined that the legislator has created uncertainty because it used terms in the act that were either not or only ambiguously defined. Such uncertainty was contrary to the drafting techniques which the legislator was required to employ in the course of legislation.
Finally, the Court addressed critically two more issues in the act on data retention. The first critic dealt with the breadth of applicability of the act’s provisions – they were not limited only to wrongdoers, but covered also innocent bystanders. The second regarded the lengthy period of time for which the data were to be retained.
The entire above put together just fortified the majority of Court’s members to vote for the abrogation of the act.
Now, before the opponents and fighters of data retention fall in a state of euphoria, one has to consider that the Court did not reject the act per se. Quiet the contrary! To me, this ruling reads as a cooking recipe directed to the legislator. The recipe contains an enabling set of hints and aims to support the legislator to successfully implement that act later on.
Posted in data protection, privacy | Tagged: abrogation, breadth, constitutional court, data retention, innocent bystander, uncertainty | 2 Comments »
Posted by Emil A. Georgiev on 24 November, 2009
Well, I agree the title of this post reads somewhat provocative. Nevertheless, it is driven by the criticism that European data protection practitioners usually express towards their US colleagues’ approach when dealing with privacy and protection of personal data.
This should not surprise as the right to privacy is a highly developed area of law in Europe. Accordingly, the European Union has long had a privacy framework for the processing of personal information that is different – and more restrictive — than privacy practices in the US. By contrast, the United States prefers what is called a “sectoral” approach to data protection legislation, relying on a combination of legislation, regulation, and self-regulation, rather than overarching governmental regulations (see “A Framework for Global Electronic Commerce“. To date, the US has no single, overarching privacy law comparable to the EU Directive.
The EU Data Protection Directive requires EU member states to provide for legislation that prohibits the transfer of personal data outside the EU. However, there are some exemptions from that rule, one of which applies where the EU has determined that the laws of the country of destination provide “adequate” protection for personal data. Among others, Switzerland and Argentina were determined to be such countries. In the late 1990s, the EU determined that the laws of the United States did not meet its adequacy standard.
However and in order not to totally prohibit the personal data transfer between the largest economies, the US Department of Commerce in consultation with the European Commission developed the “Safe Harbor Arrangement”. As a consequence, US companies that are under the jurisdiction of the Federal Trade Commission or the US Department of Transportation may enrol to that arrangement and process personal data submitted by European partners (subsidiaries) of theirs.
A company under the FTC’s jurisdiction that self-certifies its compliance with the Safe Harbor Arrangement, but fails to observe them may be subject to an enforcement action under Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices.
After a decade without any enforcement actions, the FTC recently proceeded against seven companies and obtained consent orders against them.
While these actions by the FTC are said not to represent substantive enforcement within the Safe Harbor Arrangement, they do signify that companies need to be even more vigilant about the content of their privacy policies and marketing assertions.
Posted in data protection, e-commerce, privacy | Tagged: data protection, e-commerce, eu data protection directive, privacy, safe harbor arrangement, transfer of personal data, usa | Leave a Comment »
Posted by Emil A. Georgiev on 22 November, 2009
Austria’s DerStandard informs that the data retention bill to amend the existing Austrian Telecommunications Act was in place. In a consultation procedure, the responsible minister Doris Bures has called upon the appraisal of the participants (eg regional authorities, chamber for commerce and industry, trade unions). She thereby vowed to apply “the highest standards under the rule of law” in drafting the bill.
Austria has not implemented the data retention directive yet, wherefore the European Commission threatened the government with the launch of infringement proceedings. Austrian politicans have used the data retention related set of problems in their last election campaign in 2008. For some period thereafter and, since the subject matter is highly controversial, noone appears willing to cease the delay in implementation.
Quite often, the enforcers of intellectual property rights have been viewed as the real beneficiaries of the data retention becoming a fact. Many of their lobbyists and legal representatives utilized the duration caused by the governmental delay in addressing the public and stating the necessity to access retained internet traffic data that evidences, for instance, illegal file sharing. However and given an implementation, it is still unclear as to whether such enforcers shall have access to data so retained.
According to recent cases on file sharing, Austrian courts seem to opine that file sharers’ interest in the protection of their traffic and identity data outweighs the enforcers’ interests to access such data.
It is clear that the data retention could easily change the so established balance. I hope to soon have certainty on that.
Posted in data protection, enforcement, privacy, regulatory affairs | Tagged: austria, copyright, data retention, enforcement, file-sharing | 1 Comment »
