Posts by Gus Rossi:

Last week, the European Parliament voted 348 to 274 to pass the Copyright Directive. Unless something truly extraordinary happens during the upcoming meeting of the European Council — think of it as the Senate of the EU, where the governments of Member States are represented — draconian and highly disruptive new rules on content licensing and monitoring will become EU law.
Read More
Last week, thanks to investigative reporting, we learned that Facebook discovered in January that it was storing millions of users’ passwords in plain text format, making them fully readable for thousands of its employees. Facebook has acknowledged that this was a serious security error and privacy breach on its side, as its systems, ideally, “are designed to mask passwords using techniques that make them unreadable”, and promised that it “will be notifying everyone whose passwords we have found were stored in this way.” There is no evidence that any of the thousand employees with access to these unencrypted passwords actually accessed them, but Facebook’s decision to remain mum reveals an important lesson for the overarching privacy and security policy debate. Importantly, data security incidents are a widespread problem that goes well beyond Facebook.
Read More
Last month, Facebook announced a draft charter for a future Oversight Board for Content Decisions. When implemented, the Oversight Board for Content Decisions, composed of independent experts, would be the last instance reviewer of important and disputed content moderation cases for the platform.
Read More
Last week, the New York Times reported that Facebook has decided to integrate the back-end infrastructures of its three fully-owned messaging products: Facebook Messenger, WhatsApp, and Instagram. At Public Knowledge, aware of the different nature, features, and conditions of use of these three services, we are carefully following the possible privacy and security and competition implications of this market-changing move.
Read More
If you follow global tech policy, you probably know that the European Union is in the process of adopting a Copyright Directive to update its copyright framework. The Copyright Directive is infamous on this side of the Atlantic because of the mandate for automated web filters contained in Article 13 of the same. Elsewhere, we’ve written about the harmful effects for free expression that Article 13 would have.
Read More
The International Telecommunication Union (ITU) is a United Nations (UN) agency originally created in 1865 to manage cross-national telegraphic communications, and is increasingly seen by its member states as the technology policy branch of the UN system. While to date it is formally responsible only for telecommunications issues, in recent years the ITU has hosted a global summit on Artificial Intelligence (AI), organized a workshop on e-payments and 5G, held a forum on the Internet of Things and Smart Cities, studied the economic impact of the so-called Over-The-Top (OTT) internet services such as WhatsApp or YouTube, developed a global cybersecurity index, and analyzed privacy in cloud computing. That, on top of ITU’s fundamental mandate and ongoing work to help connect the hundreds of millions who are still unconnected.
Read More
Over the past two weeks, you’ve probably received numerous privacy policy updates from online companies. For example, last week LinkedIn sent its users an e-mail informing them of changes to its Terms of Service and Privacy Policy, explaining, “[w]e now meet the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect later in May.”
Read More
On April 12th, the Irish High Court elevated a series of questions to the European Court of Justice (ECJ, the Supreme Court of the European Union) regarding the validity of key legal instruments used by American tech companies to process Europeans’ personal data. Judge Caroline Costello of the Irish High Court is concerned about the national surveillance practices of the United States and the level of privacy rights observed there.
Read More
Europe’s new privacy law, the General Data Protection Regulation (GDPR) will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately — and given that the GDPR will reshuffle privacy protection in Europe and beyond — many in the United States are looking to the GDPR for ideas of what to do – and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR to U.S. law — the institutions and legal systems are just too different.
Read More
Last week, Public Knowledge and the Organization of American States (OAS) organized a joint roundtable on “Cybersecurity and Civil Society in the Americas,” which took place at the OAS headquarters in Washington, D.C. Thanks to the support of Open Society Foundations, the roundtable included civil society organizations from all over the Americans: Derechos Digitales, Instituto Brasileiro de Defesa do Consumidor (IDEC), ADC Asociación por los Derechos Civiles (ADC), Centro de Estudios Legales y Sociales (CELS), Karisma, TEDIC, Red en Defensa de los Derechos Digitales (R3D), CodingRights, InternetLab, Datos Protegidos, Ipandetec, Hiperderecho, Access Now, New America, and more. It also included the active participation of high-ranking members of the Canadian, American, Colombian, and Guatemalan governments, the Brazilian Armed Forces, and private organizations.
Read More