EU

Trump Withdraws US From Iran Nuclear Deal (nytimes.com) 900

President Trump on Tuesday announced he is withdrawing the United States from the Iran nuclear deal, a historic accord signed in 2015 that aims to limit Tehran's nuclear ability for more than a decade in return for lifting international oil and financial sanctions against the country. "This was a horrible one-sided deal that should never, ever been made," Mr. Trump said at the White House in announcing his decision. "It didn't bring calm, it didn't bring peace, and it never will." The New York Times reports: Mr. Trump's announcement, while long anticipated and widely telegraphed, plunges America's relations with European allies into deep uncertainty. They have committed to staying in the deal, raising the prospect of a diplomatic and economic clash as the United States reimposes stringent sanctions on Iran. It also raises the prospect of increasing tensions with Russia and China, which also are parties to the agreement.

One person familiar with negotiations to keep the accord in place said the talks collapsed over Mr. Trump's insistence that sharp limits be kept on Iran's nuclear fuel production after 2030. The deal currently lifts those limits. As a result, the United States is now preparing to reinstate all sanctions it had waived as part of the nuclear accord -- and impose additional economic penalties as well, according to another person briefed on Mr. Trump's decision.
Despite Trump's decision, President Hassan Rouhani said that Iran would remain committed to a multinational nuclear deal. "If we achieve the deal's goals in cooperation with other members of the deal, it will remain in place. [...] By exiting the deal, America has officially undermined its commitment to an international treaty," Rouhani said in a televised speech. "I have ordered the foreign ministry to negotiate with the European countries, China and Russia in coming weeks. If at the end of this short period we conclude that we can fully benefit from the JCPOA with the cooperation of all countries, the deal would remain," he added.
EU

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance (bleepingcomputer.com) 553

Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.

The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies ($24 million or 4% of a company's annual worldwide revenue -- whichever is higher). There's also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called "Data Protection Officer." Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company's servers if they so wish.

Privacy

Email Unsubscription Service Unroll.me To Close To EU Users Saying it Can't Comply With GDPR (techcrunch.com) 76

Unroll.me, a company that has, for years, used the premise useful "email unsubscription" service to gain access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber -- is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25. From a report: In a section on its website about the regional service shutdown, the company writes that "unfortunately we can no longer support users from the EU as of the 23rd of May," before asking whether a visitor lives in the EU or not. Clicking 'no' doesn't seem to do anything but clicking 'yes' brings up another info screen where Unroll.me writes that this is its "last month in the EU" -- because it says it will be unable to comply with "all GDPR requirements" (although it does not specify which portions of the regulation it cannot comply with).
The Internet

Will GDPR Kill WHOIS? (theregister.co.uk) 215

Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN: Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."

Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
EU

EU Votes To Ban Bee-Harming Pesticides (theguardian.com) 130

An anonymous reader quotes a report from The Guardian: The European Union will ban the world's most widely used insecticides from all fields due to the serious danger they pose to bees. The ban on neonicotinoids, approved by member nations on Friday, is expected to come into force by the end of 2018 and will mean they can only be used in closed greenhouses.

Bees and other insects are vital for global food production as they pollinate three-quarters of all crops. The plummeting numbers of pollinators in recent years has been blamed, in part, on the widespread use of pesticides. The EU banned the use of neonicotinoids on flowering crops that attract bees, such as oil seed rape, in 2013. fBut in February, a major report from the European Union's scientific risk assessors (Efsa) concluded that the high risk to both honeybees and wild bees resulted from any outdoor use, because the pesticides contaminate soil and water. This leads to the pesticides appearing in wildflowers or succeeding crops. A recent study of honey samples revealed global contamination by neonicotinoids. The ban on the three main neonicotinoids has widespread public support, with almost 5 million people signing a petition from campaign group Avaaz.

Communications

WhatsApp Raises Minimum Age In Europe To 16 Ahead of Data Law Change (reuters.com) 39

WhatsApp is raising its minimum age from 13 to 16 in Europe to help it comply with new data privacy rules coming into force next month. The app will ask European users to confirm they are at least 16 years old when they are prompted to agree to new terms of service and a privacy policy provided by a new WhatsApp Ireland entity in the next few weeks. Reuters reports: Facebook, which has a separate data policy, is taking a different approach to teens aged between 13 and 15 in order to comply with the European General Data Protection Regulation (GDPR) law. It is asking them to nominate a parent or guardian to give permission for them to share information on the platform, otherwise they will not see a fully personalized version of the social media platform. But WhatsApp, which had more than 1.5 billion users in January according to Facebook, said in a blog post it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp's minimum age of use will remain 13 years in the rest of the world, in line with its parent.
EU

EU Opens Competition Probe Into Apple's Bid For Music App Shazam (reuters.com) 21

EU antitrust regulators opened an investigation on Monday into Apple's bid for British music discovery app Shazam, concerned the deal might give the iPhone maker an unfair advantage in poaching users from its rivals. From a report: Apple announced the deal in December to help it better compete with industry leader Spotify. Shazam lets users identify songs by pointing a smartphone at the audio source. The European Commission said it was concerned about Apple's access to data on Shazam's users who use competing music streaming services in Europe.
Facebook

Facebook Starts Its Facial Recognition Push To Europeans (techcrunch.com) 42

An anonymous reader quotes a report from TechCrunch: Jimmy Nsubuga, a journalist at Metro, is among several European Facebook users who have reported getting notifications asking if they want to turn on face recognition technology. Facebook has previously said an opt-in option would be pushed out to all European users, and also globally, as part of changes to its T&Cs and consent flow. In Europe, the company is hoping to convince users to voluntarily allow it to deploy the privacy-hostile tech -- which was turned off in the bloc after regulatory pressure, back in 2012, when Facebook began using facial recognition to offer features such as automatically tagging users in photo uploads. But under impending changes to its T&Cs -- ostensibly to comply with the EU's incoming GDPR data protection standard -- the company has crafted a manipulative consent flow that tries to sell people on giving it their data; including filling in its own facial recognition blanks by convincing Europeans to agree to it grabbing and using their biometric data after all. Users who choose not to switch on facial recognition still have to click through a "continue" screen before they get to the off switch. On this screen Facebook attempts to convince them to turn it on -- using manipulative examples of how the tech can "protect" them.
EU

Facebook To Put 1.5 Billion Users Out of Reach of New EU Privacy Law (reuters.com) 95

An anonymous reader quotes a report from Facebook: If a new European law restricting what companies can do with people's online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company's international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union's General Data Protection Regulation (GDPR), which takes effect on May 25. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook's case could mean billions of dollars.
Facebook

Facebook Admits To Tracking Users, Non-Users Off-Site (theguardian.com) 147

Facebook said in a blog post yesterday that they tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company's own site, and "improving our products and services." The statement comes as the company faces a U.S. lawsuit over a controversial facial recognition feature launched in 2011. The Guardian reports: "When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account. This is because other apps and sites don't know who is using Facebook," Facebook's product management director, David Baser, wrote. "Whether it's information from apps and websites, or information you share with other people on Facebook, we want to put you in control -- and be transparent about what information Facebook has and how it is used."

But the company's transparency has still not extended to telling non-users what it knows about them -- an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its "download your data" feature, Zuckerberg had responded he believed that to be the case. Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company's off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.

Robotics

Europe Divided Over Robot 'Personhood' (politico.eu) 246

Politico Europe has an interesting piece which looks at the high-stakes debate between European lawmakers, legal experts and manufacturers over who should bear the ultimate responsibility for the actions by a machine: the machine itself or the humans who made them?. Two excerpts from the piece: The battle goes back to a paragraph of text, buried deep in a European Parliament report from early 2017, which suggests that self-learning robots could be granted "electronic personalities." Such a status could allow robots to be insured individually and be held liable for damages if they go rogue and start hurting people or damaging property.

Those pushing for such a legal change, including some manufacturers and their affiliates, say the proposal is common sense. Legal personhood would not make robots virtual people who can get married and benefit from human rights, they say; it would merely put them on par with corporations, which already have status as "legal persons," and are treated as such by courts around the world.

Google

Google Seeks To Limit 'Right To Be Forgotten' By Claiming It's Journalistic (cjr.org) 203

"In the first 'right to be forgotten' case to reach England's High Court, two men are fighting to keep their past crimes out of Google's search results, and the tech giant is fighting back by claiming it's 'journalistic.'" Chava Gourarie reports via Columbia Journalism Review: The case, which is actually two nearly identical cases, involves two businessmen who were both convicted of white-collar crimes in the '90s, and requested that Google delist several URLs referencing their convictions, including news articles. When Google denied their requests, they sued under a 2014 European Union ruling which established the right of individuals to have information delisted from search indexes under certain conditions. In its defense, Google has argued that it should be protected under an exception for journalism because it provides access to journalistic content. Even as a legal sleight of hand, the argument is quite a departure from Google's customary efforts to present itself as a disinterested arbiter of information, a position that has become more untenable with time.

Gareth Corfield, a reporter for The Register who covered the cases from the courtroom, said it's disingenuous of Google to put on the mantle of journalism only when it suits them. "They've gone through great lengths to say they don't make any editorial judgement in processing results," Corfield said, but "it now wants you to believe it is on a par with journalism." As the first case to test the "right to be forgotten" in England's High Court, its outcome will likely set some ground rules in the roiling debate between personal privacy and freedom of expression on the internet. Google's sudden identification with journalism may be a legal gambit, but it could have far-reaching effects across the landscape of data protection laws.

Twitter

Twitter Bans 270,000 Accounts For 'Promoting Terrorism' (theguardian.com) 95

According to Twitter's latest transparency report, the social media company removed more than 270,000 accounts around the world for promoting terrorism in the second half of 2017. The number of accounts permanently suspended for sharing what the firm called extremist content between July and December represents a drop for the second period in a row. The Guardian reports: The social network puts this down to "years of hard work making our site an undesirable place for those seeking to promote terrorism." Nick Pickles, Twitter UK's head of public policy, said: "The overwhelming majority of these accounts were detected by our own technology, with just 0.2% of the accounts we suspended in 2017 being flagged by the police." Almost 75% of accounts were suspended before they sent their first tweet, according to the report, and 93% were discovered by tools that Twitter engineers had built. Twitter is understood to also use a combination of US and EU lists of terrorist organizations as well as research from academics and experts to identify terrorists on its network. The number of reports of abusive behavior submitted by government representatives also dropped amid a marked change in the type of abusive behavior reported. Two-thirds of the 10,000 reports concerned violated rules over impersonation, with only 16% of the reports for harassment and 12% for hateful conduct. Harassment and hateful conduct each accounted for a third of reported accounts in the first half of 2017. Only a quarter of reports of abusive behavior submitted by government representatives were acted upon by Twitter, compared with 98% of reports relating to the "promotion of terrorism."
The Internet

One of Estonia's First 'e-Residents' Explains What It Means To Have Digital Citizenship 76

An anonymous reader shares a report from Quartz, written by Estonian e-Resident April Rinne: In 2014, Estonia, a country previously known as much for its national singing revolution as anything else, became the first country in the world to launch an e-Residency program. Once admitted, e-Residents can conduct business worldwide as if they were from Estonia, which is a member of the EU. They are given government-issued digital IDs, can open Estonian bank and securities accounts, form and register Estonian companies, and have a front-row seat as nascent concepts of digital and virtual citizenship evolve. There is no requirement to have a physical presence in Estonia. [...] Three years in, what I find most incredible about e-Residency is that it actually works.

E-Residency was appealing to me for several reasons (none of which include dodging the law, taxes, or other civic responsibilities). I have Finnish heritage and for many years was intrigued by Finland's "smaller neighbor." And, I'd just joined an Estonian startup as an advisor. Becoming an e-Resident would allow me to receive payment from clients in Euros from any company without worrying about currency fluctuations, and to own shares in the company (previously this would have required various administrative work-arounds). [...] At a basic level, e-Residency makes working overall simpler and, ideally, more streamlined. This plays out in many ways, depending on the type of worker or organization. For example, many bona fide small- and mid-sized companies in other regions simply could not get access to European markets. The costs of entry and other requirements made it prohibitively cumbersome. E-Residency gives them a new avenue to do this; they still have to prove their merits, but the playing field is more level. For independent entrepreneurs, especially those working in different countries, Estonia makes the entire process of establishing and maintaining a small business easier, faster and more affordable. In my case, I'm able to transact, bank, and sign documents easily. I still maintain my U.S. presence -- because a non-trivial amount of my portfolio is in the U.S., and I maintain a range of local commitments and community -- but many of my fellow e-Residents have shifted their entire enterprise to Estonia.
In conclusion, Rinne notes the imperfections of the residency: "multiple times I had to disable firewalls to get digital services to work, and the e-Residency team discovered a potential bug in late 2017 which led them to deactivate all ID cards until they could be updated through the internet." All in all the experience has been "useful beyond measure," Rinne writes. "It has enabled me to re-think not only how I work, but also the many ways in which the world of work itself is changing and emerging opportunities for the future."
Facebook

Facebook CEO Says Not Planning To Extend European Privacy Law Globally (reuters.com) 84

Facebook CEO Mark Zuckerberg said on Tuesday that the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world. The news comes as Facebook reels from a scandal over its handling of personal information of millions of its users. Reuters reports: Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signals that U.S. Facebook users, many of them still angry over the company's handling of personal information, may soon find themselves in a worse position than Europeans. The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing." He did not elaborate.
Privacy

When it Comes To Privacy, Consent is Immaterial. Corporate and Gov't Surveillance Systems Must Be Stopped Before They Ask For Consent: Richard Stallman (theguardian.com) 266

In a rare op-ed, Richard Stallman, the president of the Free Software Foundation, says that the surveillance imposed on us today is worse than in the Soviet Union. He argues that we need laws to stop this data being collected in the first place. From his op-ed: The surveillance imposed on us today far exceeds that of the Soviet Union. For freedom and democracy's sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU's approach of mainly regulating how personal data may be used (in its General Data Protection Regulation or GDPR), I propose a law to stop systems from collecting personal data.

The robust way to do that, the way that can't be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data. Data about who travels where is particularly sensitive, because it is an ideal basis for repressing any chosen target.

EU

EU's Long-Promised Digital Media Portability Rules Go Into Effect (wired.co.uk) 35

The EU's long-promised digital media portability rules have taken effect as of April 1st, letting residents access Netflix, Amazon Prime Video and other paid digital media services in other member countries as if they were still at home. From a report: The European Commission's 'digital single market strategy,' which last year claimed victory over mobile roaming charges, has now lead to it passing the 'portability regulation,' which will allow users around the EU to use region locked services more freely while travelling abroad. Under currently active rules, what content is available in a certain territory is based on the specific local rights that a provider has secured. The new rules allow for what Phil Sherrell, head of international media, entertainment and sport for international law firm Bird and Bird, calls "copyright fiction," allowing the normal rules to be bent temporarily while a user is travelling.

The regulation was originally passed in June 2017, but the nine-month period given to rights holders and service providers to prepare is about to expire, and thereby making the rules enforceable. From today, content providers, whether their products are videos, music, games, live sport or e-books, will use their subscribers' details to validate their home country, and let them access all the usual content and services available in that location all around the Union.

EU

European Commission Says It Will Cancel All 300,000 UK-Owned .EU Domains (theregister.co.uk) 461

Brexit has hit the internet, and not in a good way. From a report: In an official statement Thursday, the European Commission announced it will cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, following Britain's eventual departure from the European Union. "As of the withdrawal date, undertakings and organizations that are established in the United Kingdom but not in the EU and natural persons who reside in the United Kingdom will no longer be eligible to register .eu domain names," the document states, adding, "or if they are .eu registrants, to renew .eu domain names registered before the withdrawal date." Going even further, the EC suggested that existing .eu domains might be cancelled the moment Brexit happens -- expected to be 366 days from now -- with no right of appeal.
Facebook

Facebook Under Pressure as EU, US Urge Probes of Data Practices (reuters.com) 68

Facebook CEO Mark Zuckerberg faced calls on Monday from U.S. and European lawmakers to explain how a consultancy that worked on President Donald Trump's election campaign gained access to data on 50 million Facebook users. From a report: Facebook's shares fell more than 7 percent, wiping around $40 billion off its market value, set for their biggest drop since September 2012, as investors worried that new legislation could damage the company's lucrative advertising business. "The lid is being opened on the black box of Facebook's data practices, and the picture is not pretty," said Frank Pasquale, a University of Maryland law professor who has written about Silicon Valley's use of data. Lawmakers in the United States, Britain and Europe have called for investigations into media reports that political analytics firm Cambridge Analytica had harvested the private data on more than 50 million Facebook users to support Trump's 2016 presidential election campaign. Further reading: An undercover investigation by Channel 4 News reveals how Cambridge Analytica secretly campaigns in elections across the world. Bosses were filmed talking about using bribes, ex-spies, fake IDs and sex workers.
Privacy

The 600+ Companies PayPal Shares Your Data With (schneier.com) 48

AmiMoJo shares a report from Schneier on Security: One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average? Less? We'll soon know.

Slashdot Top Deals