Facebook gets leave to appeal to Ireland’s Supreme Court after failing to block data transfer referral to CJEU

Facebook has been given the go ahead to appeal to Ireland’s Supreme Court against an earlier High Court decision to refer key questions relating to the validity of EU-US data flows to Europe’s top court, the Irish Times reports.

The eventual outcome of what is already years of legal to-ing and fro-ing — in a case that’s colloquially referred to as ‘Schrems II’ — could have major implications for the thousands of companies that rely on transferring EU citizens’ personal data to the US for processing.

The case was originally lodged with the Irish Data Protection Commission by European privacy campaigner, Max Schrems — as a complaint over the legality of Facebook’s use of Standard Contractual Clauses (SCCs) for transferring EU citizens’ data. Although it was Ireland’s DPC that took the decision to go to court — seeking a definitive ruling on the legality of the data transfer mechanism.

The High Court then added its concerns about another mechanism: The EU-US Privacy Shield.

Facebook is disputing the court’s earlier findings, including of “mass indiscriminate processing” of data by U.S. government agencies — under the PRISM and Upstream data harvesting programs (details of which were made public in documents released in 2013, by NSA whistleblower Edward Snowden).

In May, Facebook was denied a stay against the CJEU referral by the High Court. So the decision by the Supreme Court to hear its appeal sidesteps that earlier block — albeit, the referral to the CJEU stands, and has neither been blocked nor revoked by today’s decision.

However, if the Supreme Court hears Facebook’s appeal before the end of the year — as slated — that’s likely to be before the CJEU delivers its verdict on the referred questions. So there’s at least a possibility that the outcome of the Irish appeal could feed into the CJEU judgment, i.e. when Europe’s supreme court conducts its own assessment of the validity of EU-US data transfer mechanisms.

Equally, there’s no guarantee that Facebook’s arguments will persuade Ireland’s Supreme Court judges there was anything wrong with the High Court’s findings of fact in the first place.

The company’s decision to ask the Supreme Court to hear its appeal against the High Court’s CJEU referral lacks precedent in Ireland — so the company is challenging local case law.

The Irish Times reports that the judges rejected arguments made by the DPC and Schrems against the appeal, deeming it “at least arguable” that Facebook could persuade the court that at least some of the facts under challenge should be reversed.

According to the newspaper, the court granted Facebook leave to appeal on all eleven grounds which its lawyers had presented.

It was also eleven questions that the High Court referred to the CJEU in April — seeking guidance on a range of fine-grained points around whether rights afforded to EU citizens are being adequately protected by the current data transfer mechanisms and regimes, including Privacy Shield and SCCs; how to determine which rules and regulations take precedence across borders and/or where legal priorities clash and overlap; and whether, in cases of rights violations caused by surveillance law, data protection authorities have to suspend data flows or whether they can use discretion to not do so.

The case is based on an even earlier (2013) complaint by Schrems, related to US surveillance law, when he challenged Facebook (and other tech giants) over how user data they held was accessed by US intelligence agencies under US government mass surveillance programs — arguing such bulk access contravenes Europeans’ fundamental privacy rights.

The result, in 2015, was a landmark CJEU judgement which struck down a long-standing EU-US data transfer mechanism (called Safe Harbor).

The European Commission has since negotiated an updated replacement mechanism (aka: The EU-US Privacy Shield) — which is now used by more than 3,400 companies to simplify the process of authorizing transfers of EU citizens’ personal data to the US.

However this replacement is under increasing attack at home, with European MEPs angry at decisions taken by the current US administration which they see as counter to the spirit of the agreement and/or risking undermining actual protections agreed by EU and US negotiators during the Obama presidency.

US lawmakers’ continued backing for warrantless surveillance is one example — when the hope in Europe had rather been for reform of Section 702 of FISA, not the six-year renewal that Trump signed off on.

The Trump administration has also failed to fully enact certain aspects of the Privacy Shield arrangement (two years on from launch there’s still no permanent appointment to an ombudsperson role intended to handle EU citizens’ complaints, for example).

And in June the EU Parliament’s LIBE committee called for Privacy Shield to be suspended by September 1 unless the US comes into full compliance. Earlier this month the EU parliament also adopted a resolution calling for the suspension of the EU-US Privacy Shield.

The annual review of the Privacy Shield mechanism is due to take place in October — so the Commission really needs to eke out some substantial concessions from US counterparts or face further political heat in its own backyard.

Aside from the CJEU, the Commission is the only EU institution with the power to suspend Privacy Shield, although the executive body has shown no appetite for that. Rather its priorities align with ensuring ‘business as usual’ — at least where all important data flows are concerned — vs taking a principled stance in defense of EU citizens’ fundamental rights. For that, Europeans typically have to look to the courts. Or, sometimes, the parliament.

The Irish Times reports that Facebook’s grounds for appeal to the Supreme Court in the Schrems II case include the necessity of the High Court making a reference in light of Privacy Shield — with the company arguing the court is bound by the finding on US law contained within the Privacy Shield decision. (A decision that was, however, made by the Commission, not by an EU court…)

It also argues that the High Court should have taken into account the effect of the introduction of the EU’s General Data Protection Regulation on the legal context which will operate when the CJEU comes to consider the reference — with the referral taking place prior to GDPR coming into force on May 25.

The company is also claiming the court made several errors in its assessment of US law — including in its finding of “mass indiscriminate” processing; and that US laws and practices did not provide EU citizens with an effective remedy, as required under the EU’s Charter of Fundamental Rights, for breach of data privacy rights.

We’ve reached out to Facebook for comment on the appeal.

The principled thinkers behind universal human rights | Letters

Reactions to Afua Hirsch’s opinion piece on 2018’s anniversaries of the founding of the NHS and the Universal Declaration of Human Rights

In reminding us of the 70th anniversary yet to come on 10 December 2018 of the Universal Declaration of Human Rights (Celebrate the NHS at 70. But don’t forget what inspired it, Journal, 27 June), Afua Hirsch missed an opportunity to reflect that it was a Briton, HG Wells, whose The Rights of Man provided the source for much of the text of the declaration. Thus, through the work of the drafting committee chaired by a Canadian, John Peters Humphrey, the UK played a key underpinning role in its drafting.

The declaration was the principal driver in the development of the 1950 European convention on human rights, which adopted much of the UDHR but also established a court for the enforcement of the convention: the European court of human rights. Another Briton, Sir David Maxwell Fyfe, played a key part in the development of the convention.

Continue reading…

Salesforce reportedly won’t cancel its contract with border agency despite employee petition

While denouncing the separation of migrant families as “inhumane,” chief executive officer Marc Benioff reportedly told employees that Salesforce will continue its contract with U.S. Customs and Border Protection (CBP) because it’s technology isn’t involved in the CBP’s U.S.-Mexico border policies. Benioff’s internal memo, obtained by Bloomberg News, was in response to a recent petition signed by more than 650 Salesforce employees asking him to reexamine the deal in response to the Trump’s administration’s policy of separating migrant families at the border.

On Tuesday, a federal judge issued an order to reunite families and end most separations. Salesforce has worked with the CPB since March, providing it with tools to manage staff recruiting and communication.

Known for his outspoken public support of progressive causes, Benioff wrote in the memo that he is “opposed to separating children from their families at the border. It is immoral. I have personally financially supported legal groups helping families at the border. I also wrote to the White House to encourage them to end this horrible situation.”

Though the contract will continue, Salesforce chief operating officer Keith Block said on Twitter that Salesforce will donate $1 million to organizations supporting separated families, while its non-profit, Salesforce.org, will match employee contributions.

Salesforce is one of several companies that have denounced the separations, but continue to do business with government agencies involved in border policies. These include Microsoft, which has a contract with Immigration and Customs Enforcement (ICE) and Amazon, where employees reportedly asked chief executive officer Jeff Bezos to cancel contracts with government agencies that want to use its facial recognition tech. Google, on the other hand, reportedly decided not to renew a Pentagon contract after several employees resigned to protest its involvement with controversial AI research project Project Maven.

TechCrunch has contacted Salesforce for comment.

The Week in Internet News: Governments Shut Down Internet for School Testing

Couldn’t you just take their phones away? The government of Algeria told telecom carriers to shut down Internet service for several hours a day during high school testing season, according to several news reports. The government is trying to prevent the repeat of a situation in 2016, when exam questions were leaked online, reports Al Jazeera. The government of Iraq has taken similar action, the news agency says. It’s unclear how a short shutdown each day will prevent leaks.

Why IoT security is terrible: The headline is certainly catchy, but the IEEE Spectrum suggests that the Internet of things has some special security challenges including nation state hackers that are targeting the systems (although that’s true of other IT systems as well). Another of the six reasons: Many IoT systems, like your connected refrigerator, don’t have dedicated IT security workers looking out for them.

Score one for encryption: Using the encrypted WhatsApp, Syrian school girls banned from attending school in Islamic State-controlled territory, are taking pictures of school work and sharing it with each other, notes NakedSecurity, referencing a report on the BBC. “Education is everything, and it’s our weapon,” one of the girls says.

Not so fast, WhatsApp: The secure messaging app doesn’t always get high praise, however. The Guardian notes that critics of WhatsApp have blamed it for aiding the spread of fake news in India, Brazil, Kenya and the U.K. The privacy controls on the app make it difficult to monitor what information users are sharing, critics say.

AI against toxic trolls: In recent years, there’s been a lot of talk about using artificial intelligence to treat disease, to fight crime, and even to play chess and the game Go. One company is using the technology to combat toxic behavior in online game communities, reports VentureBeat. Spirit AI uses AI and related technologies to understand the general vibe of an online community and predict problems ahead of time.

No more online discount? The U.S. Supreme court has weighed in on a long-running dispute that allows many online retailers to avoid collecting sales tax from customers who live in a different state. But the Supreme Court has not ruled that states can force those sales tax collections, CNN reports. While some online retailers have been collecting tax for years, it appears that others may soon be joining them.

Do you know the risks of your IoT devices? No matter who you are, it pays to #GetIoTSmart.

The post The Week in Internet News: Governments Shut Down Internet for School Testing appeared first on Internet Society.

Pressure mounts on EU-US Privacy Shield after Facebook-Cambridge Analytica data scandal

Yet more pressure on the precariously placed EU-US Privacy Shield: The European Union parliament’s civil liberties committee has called for the data transfer arrangement to be suspended by September 1 unless the US comes into full compliance.

Though the committee has no power to suspend the arrangement itself. But has amped up the political pressure on the EU’s executive body, the European Commission .

In a vote late yesterday the Libe committee agreed the mechanism as it is currently being applied does not provide adequate protection for EU citizens’ personal information — emphasizing the need for better monitoring in light of the recent Facebook Cambridge Analytica scandal, after the company admitted in April that data on as many as 87 million users had been improperly passed to third parties in 2014 (including 2.7M EU citizens) .

Facebook is one of the now 3,000+ organizations that have signed up to Privacy Shield to make it easier for them to shift EU users’ data to the US for processing.

Although the Cambridge Analytica scandal pre-dates Privacy Shield — which was officially adopted in mid 2016, replacing the long-standing Safe Harbor arrangement (which was struck down by Europe’s top court in 2015, after a legal challenge that successfully argued that US government mass surveillance practices were undermining EU citizens’ fundamental rights).

The EU also now has an updated data protection framework — the GDPR  — which came into full force on May 25, and further tightens privacy protections around EU data.

The Libe committee says it wants US authorities to act upon privacy scandals such as Facebook Cambridge Analytica debacle without delay — and, if needed, remove companies that have misused personal data from the Privacy Shield list. MEPs also want EU authorities to investigate such cases and suspend or ban data transfers under the Privacy Shield where appropriate.

Despite a string of privacy scandals — some very recent, and a fresh FTC probe — Facebook remains on the Privacy Shield list; along with SCL Elections, an affiliate of Cambridge Analytica, which has claimed to be closing its businesses down in light of press around the scandal, yet which is apparently still certified to take people’s data out of the EU and provide it with ‘adequate protection’, per the Privacy Shield list…

MEPs on the committee also expressed concern about the recent adoption in the US of the Clarifying Lawful Overseas Use of Data Act (Cloud Act), which grants the US and foreign police access to personal data across borders — with the committee pointing out that the US law could conflict with EU data protection laws.

In a statement, civil liberties committee chair and rapporteur Claude Moraes said: “While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR.”

The Privacy Shield was negotiated by the European Commission with US counterparts as a replacement for Safe Harbor, and is intended to offer ‘essentially equivalent’ data protections for EU citizens when their data is taken to the US — a country which does not of course have essentially equivalent privacy laws. So the aim is to try to bridge the gap between two distinct legal regimes.

However the viability of that endeavor has been in doubt since the start, with critics arguing that the core legal discrepancies have not gone away — and dubbing Privacy Shield as ‘lipstick on a pig‘.

Also expressing concerns throughout the process of drafting the framework and since: The EU’s influence WP29 group (now morphed into the European Data Protection Board), made up of representatives of Member States’ data protection agencies.

Its concerns have spanned both commercial elements of the framework and law enforcement/national security considerations. We’ve reached out to the EDPB for comment and will update this report with any response.

Following the adoption of Privacy Shield, the Commission has also expressed some public concerns, though the EU’s executive body has generally followed a ‘wait and see’ approach, coupled with attempts to use the mechanism to apply political pressure on US counterparts — using the moment of the Privacy Shield’s first annual review to push for reform of US surveillance law, for example.

Reform that did not come to pass, however. Quite the opposite. Hence the arrangement being in the pressing bind it is now, with the date of the second annual review fast approaching — and zero progress for the Commission to point to try to cushion Privacy Shield from criticism.

There’s still no permanent appointment for a Privacy Shield ombudsperson, as the framework requires. Another raised concern has been over the lack of membership of the US Privacy and Civil Liberties Oversight Board — which remains moribund, with just a single member.

Threats to suspend the Privacy Shield arrangement if it’s judged to not be functioning as intended can only be credible if they are actually carried out.

Though the Commission will also want to avoid at all costs pulling the plug on a mechanism that more than 3,000 organizations are now using, and so which many businesses are relying on. So it’s most likely that it will again be left to Europe’s supreme court to strike any invalidating blow.

A Commission spokesman told us it is aware of the discussions in the European Parliament on a draft resolution on the EU- U.S. Privacy Shield. But he emphasized its approach of engaging with US counterparts to improve the arrangement.

“The Commission’s position is clear and laid out in the first annual review report. The first review showed that the Privacy Shield works well, but there is some room for improving its implementation,” he told TechCrunch.

“The Commission is working with the US administration and expects them to address the EU concerns. Commissioner Jourová was in the U.S. last time in March to engage with the U.S. government on the follow-up and discussed what the U.S. side should do until the next annual review in autumn.

“Commissioner Jourová also sent letters to US State Secretary Pompeo, Commerce Secretary Ross and Attorney General Sessions urging them to do the necessary improvements, including on the Ombudsman, as soon as possible.

“We will continue to work to keep the Privacy Shield running and ensure European’s data are well protected. Over 3000 companies are using it currently.”

While the Commission spokesman didn’t mention it, Privacy Shield is now facing several legal challenges.

Including, specifically, a series of legal questions pertaining to its adequacy which have been referred to the CJEU by Ireland’s High Court as a result of a separate privacy challenge to a different EU data transfer mechanism that’s also used by organizations to authorize data flows.

And judging by how quickly the CJEU has handled similar questions, the arrangement could have as little as  one more year’s operating grace before a decision is handed down that invalidates it.

If the Commission were to act itself the second annual review of the mechanism is due to take place in September, and indeed the Libe committee is pushing for a suspension by September 1 if there’s no progress on reforms within the US.

The EU parliament as a whole is also due to vote on the committee’s text on Privacy Shield next month, which — if they back the Libe position — would place further pressure on the EC to act. Though only a legal decision invalidating the arrangement can compel action.

Future Thinking: Arnaud Castaignet on Estonia’s e-citizenship

In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. In May 2018, we interviewed Arnaud Castaignet, head of public relations for Estonia’s e-Residency programme.

Mr Arnaud Castaignet is the head of public relations for the Republic of Estonia’s e-Residency programme, a government-issued digital ID offering the freedom to join a community of digitally empowered citizens and open and run a global EU company fully online from anywhere in the world. Previously, he worked for the French President François Hollande as a digital strategist. Arnaud is also a Board Member of Open Diplomacy, a Paris-based think tank established in 2010, and a member of the Young Transatlantic Network of Future Leaders, a flagship initiative of the German Marshall Fund of the United States specifically geared toward young professionals 35 years old and younger. Estonia not only became the first country to say that Internet access was a human right, but has given their citizens free public WiFi, enabled them to vote online since 2005, and are protecting them with strong privacy, transparency and data protection laws.

The Internet Society: Estonia’s e-Residency programme bridges traditional borders by offering any citizen of the world the opportunity to become a digital citizen of Estonia. How’s that working for you?

Arnaud Castaignet: The e-Residency programme was created in December 2014 with a radical but simple idea: why should a country only offer its services to its own citizens and residents and not also to anyone from anywhere in the world? E-Residency is a transnational digital ID accessible to anyone from anywhere in the world, giving access to Estonian e-services without actually coming to Estonia. Although Estonia sees access to Internet as a right, we know access to services is totally unfair around the world. Unfortunately, if you are not from the right country, if you don’t live in the right place, you might not be able to access basic services that are necessary to create and run your business. With e-Residency, we want to provide all people with equal access to services and opportunities.

Two core values are driving our action. The e-Residency programme is inclusive: every person on the planet is able to become an e-resident of Estonia. Our programme is also empowering: we believe everybody in the world should have an equal opportunity to access the tools they need to become a successful entrepreneur and reach their full potential. We believe in this principle of fair equality of opportunity. Those who have the same level of talent and capability and the same willingness to use those gifts should have the same prospects of success regardless of their social class or origin, where they live or decide to travel. Our message to entrepreneurs is “focus on your ideas, your business, your product; we will keep the way open for you.”

The Internet Society: Is it true that even the Japanese prime minister is an e-resident of Estonia?

Arnaud Castaignet: Several Head of States became e-residents as an acknowledgement of Estonia’s advanced digital society and as a support for our innovative programme. Shinzo Abe is one of them, but also Angela Merkel and Xavier Bettel, for instance.

The Internet Society: Do you think other countries will, in the future, follow Estonia’s example in offering e-residency to attract investors/businesses?

Arnaud Castaignet: We believe that, by definition, no model can be fully duplicated from one country to another. Having an e-Residency programme was only possible because, first, Estonia has been building a digital society throughout the years. It is also influenced by the country’s mindset regarding innovation and transparency, our belief in the need to build more business ties with the rest of the world, and our vision of the need for States to transform themselves into something more agile, inclusive and empowering.

But we often receive political delegations from countries willing to be inspired by our experience and we hear about projects such as “m-residency” in Azerbaijan or Lithuania’s plans to use blockchain technology to allow company creation. We are quite enthusiastic about such developments because it will force us to remain innovative. The world is changing very fast and countries can easily fall behind if they refuse to address new issues or bury their heads in the sand.

We are always willing to share our experience and expertise, not only about e-Residency, but also about how States can evolve. Just to give you an example, each year, Estonia saves the equivalent of 2 percent of its GDP by using digital signature. If this system would be generalized everywhere, many European countries could benefit.

The Internet Society: Estonia is often cited as the poster child of e-governance with its radical digital developments. Can you tell us more about what differentiates Estonia from other countries in this regard?

Arnaud Castaignet: I think the main difference is that Estonia’s digital society is based on trust. The government of Estonia is built upon a solid foundation of transparency, with personal privacy and data integrity taken very seriously. Each citizen (or resident, or e-resident) knows exactly which administration has checked its personal data. Digital society and e-governance can only be created if there is trust between the people, state authorities and private enterprises. Building trust has got very little to do with technical solutions, but has a great deal to do with mindsets and culture. Changing this mindset is much more difficult and time-consuming than creating technical solutions. This means a lot of everyday work in building openness and safeguarding privacy and transparency.

It also cannot be built overnight: it’s a long and challenging process, requiring help and collaboration from different institutional and private actors, and a matter that it feels natural to address at the very beginning of the process of digital transformation of a country. Information must be shared, administration and government must be transparent, informal forms of interaction must be built, and you need to develop internal secure IT systems for public institutions that can be trusted, from the inside and the outside.

The Internet Society: What is the feedback to your programme? Has there been backlash, especially at a time when nationalism appears to be on the rise in some European countries?

Arnaud Castaignet: We now have more than 40,000 e-residents from 150 countries. Their stories are of course very diverse but they all have one thing in common: our programme helped to solve issues faced by these entrepreneurs and freelancers around the world. These individuals now see Estonia as a problem-solving country and we are proud of it.

With e-Residency, we show that a country doesn’t have to choose between being inclusive to the rest of the world or to make its population wealthier. It is by opening our digital borders that we generate Estonia’s revenues for the future that will benefit all Estonian citizens. We know there are opposite trends in other countries and some governments are more interested in building new walls, but building barriers will only prevent their citizens from gaining new and more opportunities. Walls do not protect anyone.

The Internet Society: Blockchain underpins many of your services, but some people are arguing that blockchain’s benefits are unreasonably hyped. What has your experience shown?

Arnaud Castaignet: The Estonian government has been testing blockchain technology since 2008. From 2012, blockchain has been in use in Estonia’s registries, such as national health, judicial, legislative, security and commercial code systems, with plans to extend its use to other spheres such as personal medicine, cybersecurity and data embassies. We believe blockchain has a great potential because it can improve trust in systems and, in our case, it adds an extra layer of security.

Whether we like it or not, the world is becoming more decentralised. The development of blockchain technology should make us build new lending relationships between citizens, companies and the state. I would say it is for the best because this is one of the reasons why blockchain has such a great potential. Not only does it have the ability to remove entrenched middlemen, but it can also improve the overall transparency of our systems. Of course, coordination and openness amongst technologists, designers and citizens is necessary. However, we must not be overly optimistic about the capacity of technological innovation, on its own, to change the course of history. People always come first.

The Internet Society: Can you tell us more about how Estonia encourages transparency in legislative processes? Why is it important, in your experience, to involve all stakeholders in governance? 

Arnaud Castaignet: The Estonian public can read every draft law submitted since February 2003. This system is also using blockchain technology. Readers can see who submitted the legislation, its current status, and changes made to it as it passed through the parliamentary process. Once a proposed act becomes law, it is published in the online state gazette, another searchable database that acts as an open legal library. The idea behind it is to increase the level of transparency in the state, to cut down corruption, and encourage citizens to take an active interest in legislative affairs. In 2017, the citizen initiative portal Rahvaalgatus.ee was launched, also making it possible to compose and send collective initiatives to the Estonian Parliament.

The Internet Society: What does the Estonian digital example tell us about the future of governance? What will the role of governments be in the future? Will they become more technocratic or neutral stewards of citizens’ increasingly digital lives (taxes, e-commerce, etc.)?

Arnaud Castaignet: We are facing an unprecedented era of change with multiple waves of technology enabling new business models and reshaping our economies and societies. Increasingly accustomed to living and working digitally, citizens might now have higher expectations for government’s technological adeptness and capability in the future. Most government structures and processes date to earlier than the 1950s and some of them seem to be more interested in building new walls rather than better serving their population in the digital age. These governments may face irrelevance if they don’t adapt to the new needs, habits and practices of their citizens.

The Internet Society: With Estonia’s ID card being central to life in Estonia – including banking, benefits, paying for parking tickets, accessing medical records, voting, renewing licences, etc. – how do you deal with fears about data protection, cybersecurity, and privacy?

Arnaud Castaignet: We must deal with any situation with full transparency because our digital nation depends on the trust of all its people — citizens, residents and e-residents. You cannot expect trust if the State is not transparent and accountable. If there is no citizen control of the use of personal data, citizens would be legitimately worried about their privacy. In Estonia, to ensure transparency and accountability, citizens are allowed to monitor their own privacy. They can trace anyone who has tried to access their data by logging on to the state portal, eesti.ee. There have been a few cases — among doctors and policemen, for instance — where people have been sentenced for unethically accessing certain databases. Protecting the integrity of our digital identity is always a top priority.

But being pioneers in these fields also means we will sometimes be among the first to encounter new challenges. Ten years ago, Estonia was the first in the world to experience a nationwide cyber-attack, for example, although no data was compromised. The attack served as a wake-up call for how the country’s digital infrastructure could be secured through radical new technology. Of course, no system can be fully secured but we still believe paper-based administrations are less secured than digital ones.

The Internet Society: Could your e-Residency programme redefine what it means to be a country in the future? Do you think digital identity will one day extend to constitutional rights or actual citizenship too, and not just everyday matters?

Arnaud Castaignet: Our secure digital identity system and e-services facilitate locational independence. The state serves not only its sparsely populated areas, but also the entire Estonian diaspora. Estonians who live anywhere in the world can maintain a connection to their homeland via e-services, contribute to the legislative process and even participate in elections. All of this facilitates the mobility of the population, while maintaining a strong link between them and public services. The e-Residency programme is now redefining this because it allows non-Estonians to benefit from these services; they use our country as a service. This was the idea behind the launch of our programme: why not also offer these e-services to non-Estonians, even those who do not reside in Estonia, who need better everyday solutions than those offered by their own states?

What we see is that this system also redefines what being an Estonian means. As President Kaljulaid said, “one can be Estonian in many ways. You can be an Estonian by thinking the same way we do, by having an interest in our country, by being an e-resident”. As I said, many e-residents want to know more about Estonia after they discover the country as a result of e-Residency. Some of them learn the language, others want to physically move here, and most of them become the best promoters of our country. They don’t give up their national identity, they add another that contributes to build their own personal identity and the way in which they define themselves. Global citizens need inclusive identities.

I, for instance, consider my personal identity as being fully global: I am an European, a French citizen of Cambodian origin, working for the Estonian government and benefiting from both French and Estonian services. Just as national identities are made up from national myths and ideas, personal identities are a construction based on several factors: the nationality and citizenship, of course, but also values, ideas, experience, areas of interests, among other things.

Right now, being an e-resident doesn’t mean having civil or legal rights in Estonia. If we reach hundreds of thousands of e-residents contributing to Estonian economy and benefiting from Estonian services, we will need to find ways for them to be more integrated to Estonian society, which will make the Estonian community much bigger. Estonia might one day have 1,3 million citizens but a community of 10 million e-residents feeling at least partly Estonian.

The Internet Society: What does this changing notion of identity mean for the future of privacy?

Arnaud Castaignet: Old, paper methods of identification – passports, birth certificates, driving licences, utility bills – are simply not suited for an online world. Access to health, banking and education also remains difficult for more than one billion people, including refugees and displaced populations, without an ID. The UN and other intergovernmental initiatives set a goal of providing everyone on the planet with a legal ID by 2030. It is well documented that those with access to a form of identity are better protected and able to access essential services than those who do not have an official identity. Digital identity and access systems can unlock a range of basic and empowering services for individuals, including financial inclusion, healthcare and education. They also hold significant promise for helping refugees and displaced populations to access immediate and longer-term services.

For public authorities, the key challenge will be to create harmonious digital bonds that secure the relationship between digital identities and wider society. This is only possible through a public framework of trust, built on guarantees of private data protection and security. To empower individuals, identity systems need to enhance security and convenience, preserve privacy and uphold individual rights and freedoms. Privacy and user control are core to realizing the full potential of digital identity. Stakeholders must create pre-emptive and responsive tools for safeguarding users against privacy violations, and establish legal frameworks and mechanisms for oversight and recourse in the event of misuse or abuse.

The Internet Society: What are your hopes for the future of the Internet? What are your fears?

Nothing new comes into our lives without a hidden curse. My biggest fear is that the Internet might help to perpetuate socioeconomic divides, especially if digital inequalities remain. In my opinion, the Internet must be a tool to reduce inequalities, whether they are digital, socioeconomic, geographical, etc. This is why topics such as net neutrality, for example, matter. When one attacks net neutrality, we know it will harm the poor because it reduces access to opportunities. We know from history that disruptive and game-changing ideas often come from the margins, not from big and established actors.

Of course, no one knows exactly how the Internet will evolve. I am convinced that, despite much of the negativity in the news right now, the overall trend appears to be positive for the opportunities that await our generation and the next one. My biggest hope is that Internet will allow more innovators to forge a way to the unknown by offering equal opportunities, thanks to access to services, information and education.  I am quite optimistic that governments and institutions will use the Internet to build more bridges and invest in skills development, and particularly soft skills – that combination of people skills, social skills, communication skills, character traits, social and emotional intelligence, that are absolutely crucial in the digital age. These skills will help citizens to adapt to disruption and will facilitate social and geographical mobility – some of the main issues and opportunities of our century – and increase the knowledge of others, other cultures and people.

What do you think the future of the Internet looks like? Explore the 2017 Global Internet Report: Paths to Our Digital Future to see how the Internet might transform our lives across the globe, then choose a path to help shape tomorrow.


Photo credit: Web Summit

The post Future Thinking: Arnaud Castaignet on Estonia’s e-citizenship appeared first on Internet Society.

The Week in Internet News: The FBI Has Fewer Unopened Encrypted Devices Than Reported

Going dark with encryption: The U.S. FBI, for years now, has complained about its inability to access encrypted information held on the smartphones and other devices owned by criminal suspects. But the agency may have been overstating this so-called “going dark” problem, the Washington Post reported this week. A programming error at the FBI led the agency to report that it has seized about 7,800 mobile devices that it cannot open, but the actual number may be less than 2,000, the story says.

AI as Big Brother: Artificial intelligence is being used to track down criminals by combing through data faster than humans can, reports The Telegraph. The story features AI startup Senzing, an IBM spinoff. Meanwhile, the government of China is increasingly using AI to assist its Great Firewall program, says Internet of Business.

A bad year for security: This year is shaping up to be a terrible year for cybersecurity, due in part to poor Internet of Things security, reports Security Boulevard. In addition to the IoT concerns, 85 percent security executives surveyed worry their countries will experience a crucial infrastructure attack in the next five years.

Banking on blockchain and AI: Banks’ use of blockchain, AI, and cloud computing are supposedly challenging traditional views of risk and risk management, reports Internet of Business. A U.K. research paper suggests banks’ increasing use of cloud-based data storage and experimental applications of AI and blockchain could create new risks for them.

Fake laws: A proliferation of laws against the spreading of fake news aren’t the answer to the problem, says a column at Bloomberg.com. Social media is too valuable to leave in the hands of government, the columnist writes.

No Internet for you: The southern India state of Tamil Nadu ordered the suspension of Internet services in parts of three regions to “prevent spread of rumors through social media and help bring public tranquility,” reports the Times of India. The government blamed social media for violence during a massive protest against a copper plant.

Read the Internet Society’s Artificial Intelligence and Machine Learning policy paper and explore how it might impact the Internet’s future.

The post The Week in Internet News: The FBI Has Fewer Unopened Encrypted Devices Than Reported appeared first on Internet Society.

Building the Digital Silk Road Together: Kyrgyz Chapter Proposes Ideas for Internet Development in Central Asia at Cambridge University Forum

Central Asia, the most remote landlocked mountainous region in the world, has some of the most expensive Internet in global comparison. The cost of it can easily reach 10-20% of average monthly salary. In absolute terms, the price of the Internet can reach triple digits for 1 Mbps.

Acknowledging such challenges and considering the benefits that the Internet can bring, Central Asian governments are embarking on national digitalization strategies. The Kyrgyz Republic has launched a national program on digital transformation “Taza Koom” (“Transparent Society”). The program focuses on building an open government and a digital economy.

When it comes to digital development strategies, cooperation among countries is a mutually beneficial approach. To foster such collaboration, Cambridge University initiated a common platform called Digital Dialogue for Central Asia. The first meeting of this platform Making Inroads into Digital Transformation took place in Astana in April 2018.

Speaking at the forum on behalf of the Internet Society’s Kyrgyz Chapter, I proposed to jointly build the Digital Silk Road guided by the slogan: “free movement of ideas, people, creativity, technology and innovation”. Central Asia, with its favourable geographical location in Eurasia, could become the connecting host and focal point – a global digital hub – connecting different continents.

The region has talented people and beautiful nature that offers energy and inspiration. The Internet has become our ocean of possibilities and Central Asia can be the virtual window to the entire Eurasian region.

As a specific proposal for innovative cooperation, we proposed the idea of extending the network of fiber-optic communications lines through the territory of the Central Asia connecting the East and the West. Simultaneously, the World Bank is helping connect the South and the North through the Digital CASA project.

Another idea under implementation with the support of the Internet Society’s Beyond the Net Programme is the Digital Silk Road IXP in the Ferghana Valley, one of the most densely populated areas in the world, bordering three Central Asia countries of Kyrgyzstan, Tajikistan, and Uzbekistan.

Improving Internet connectivity in Central Asia would bring many economic opportunities and social benefits to the citizens of the Central Asian countries. This is a mutually beneficial effort that would help the region to leapfrog in terms of sustainable economic development. The region that was the world’s centre of culture and science during the times of the Ancient Silk Road gets a new chance to become one of the vibrant regions of the globe thanks to the Digital Silk Road.

The discussions on Internet development in Central Asia will continue at the Central Asian Internet Governance Forum on 21-22 June in Astana, Kazakhstan.

Learn more about Internet Governance and why every voice matters.

The post Building the Digital Silk Road Together: Kyrgyz Chapter Proposes Ideas for Internet Development in Central Asia at Cambridge University Forum appeared first on Internet Society.