cover photo

Piratenpartei - News

No Bright Future: A Cautionary Tale

No Bright Future: A Cautionary Tale

This is a guest post by Hugi Asgeirsson, updated from this original publication.

This is a tale of the rise and fall of a progressive political party. It’s a story of optimism turned sour and of promises broken. It’s a cautionary tale of the emptiness of value-based politics. At the end, I will congratulate the Pirate movement for doing things differently, but also offer some advice on why Pirates shouldn’t count their chickens before they’ve hatched. I’ll set the scene, tell the tale and then explain why is has made me stop and think. We begin in Iceland, only a few weeks ago…
Óttar Proppé peers out from behind thick rimmed glasses in a photograph captured on his day of defeat. His thinning platinum blonde hair catches the Icelandic afternoon light. His yellow turtleneck sweater and polyester blazer bunch up around his hunched posture. He’s a different sort of politician for a party that wanted to reinvent the political game. It is his last day as leader of Icelandic party Bright Future.

Óttar Proppé led the young self-described “super-green liberal centre party” into a coalition government in 2016 with the conservative Independence Party. Óttar’s career until 2010 was as a sales clerk in a bookstore and lead singer of alternative rock bands. After three years in the Reykjavík City Council, and three years in parliament, Óttar was appointed Minister of Health. Only 8 months after he took his seat, his own party withdrew from government after an endless row of scandals on the hands of the Independence Party. Bright Future claimed that it was their unwavering honesty that made them pull out of government. In the following snap election, they were obliterated with only 1.2% of the vote after just five years in parliament. But how did it all begin?

Björt Framtíð had optimistic beginnings.

Björt Framtíð had optimistic beginnings.Bright Future began in 2012 when two members of parliament from opposing sides of the aisle joined forces. Combining elements from both left and right to present a new kind of politics, Bright Future wanted to be a progressive force. With support from people in the cultural sphere, the party became a darling of downtown Reykjavík hipsters. Their political program was vague but optimistic. Iceland should have a “stable economy and currency” and “more democracy and deliberation”. They would “focus on human rights and the environment” and ensure “rich diversity in all aspects of life” as well as a “more honesty”. In retrospect and taken out of context, it might be hard to see how such a hollow platform survived scrutiny. But four years had passed since the financial crash of 2008 and people were tired of anger and bickering. Voters wanted something new, and Bright Future delivered. Balancing sincerity with tongue-in-cheek humour, they sometimes made promises for comical effect. With Bright Future they joked that Iceland would win Eurovision and become a “happier place with less fuss”.

Björt framtíð -- Ertu til í Reykjavík?
by Æhjarta Reykjavík on YouTube

In the 2013 elections, Bright Future secured 8,2% and six seats in parliament. During the coming two years, Bright Future would poll well, peaking at over 20% in mid 2014. As the Pirate Party started to rise in the polls in 2015 to over 30%, it was at the expense of Bright Future and the lacklustre Social Democratic Alliance. Dissatisfied Icelandic voters were becoming accustomed to jumping from one new party to the next. When results were in from the 2016 elections, Bright Future had won 7.2% of the vote. Their campaign focused on feminism (“Less mansplaining — More Bright Future”), honesty (“More Bright Future — Less empty promises”) and environmentalism. Óttar Proppé, coming across to many as a sensible aging hipster in TV debates, had inspired confidence.

Early elections had been called in response to the Panama Papers, and few progressive voters wanted either of the two government parties at the time to stay in power. In the coming months, the four parliamentarians of Bright Future took part in coalition talks on all sides. When they entered into talks with the Independence Party, their voters and many of the founding members protested. When they then formed government, progressive voters accused them of being a crutch to the Independence Party.

January 2017: Óttar Proppé signing a coalition agreement with Bjarni Benediktsson of the Independence Party.

Many of the original members of the party resigned, as did two of its former parliamentarians, one of whom called the coalition “treasonous”. But Óttar Proppé and his group stood their ground, stating that a government with them was better than a government without them. Only eight months later, they pulled the plug and withdrew after a particularly nasty scandal involving the prime minister covering up that his father had recommended pardon to a convicted paedophile. Óttar Proppé and his party claimed that this was the ultimate proof of them standing by their word of changing the culture, but the voters thought otherwise and regarded them naive and flaky. Bright Future lost all seats in parliament in the subsequent snap election.
So what is the lesson to be learned from Bright Future? This is where I need to disclose my own bias. I’ve worked with the Icelandic Pirate Party for the last two years, and I’ll admit that there is no way for me to stay completely impartial. But I’ll give my analysis, which will also address the strengths and shortcomings of the Pirate movement, for you to make of it what you will.

Politics is about shifting and distributing power. Without having models to explain how power flows, one cannot propose ways to change that flow. We call these models ideology, and it is this sort of ideology that Bright Future is lacking. Bright Future does not have an ideology. Instead, Bright Future has values. Values like courage, balance, warmth, understanding, trust and responsibility. Exchanging ideology for values has become fashionable as the old ideologies are outdated and nobody is willing to commit to another “ism”. This is understandable, but unwise. Values are not a strong anchor, because their relativity allows for too much ambiguity. Bright Future’s values can support entering into government with the Independence Party to ensure these qualities or support staying clear of such a government. And it’s not until you actually get into the position of forming government that your resilience and staying power is actually tested.

A set of values is a lofty ideal, but it’s no replacement for ideology. For example, values do nothing to explain why groups turn against each other or why inequalities arise, in the way that socialism could. Nationalism, liberalism, fascism, socialism and neoliberalism are all models that have, in that order, shaped western society. These models and the forces that employ them have not gone away. Politicians without ideological backbones risk becoming useful idiots for those with stronger spines. A party based on vague ideas like “changing the tone”, “offering another narrative” or “participatory processes” runs a real risk of becoming a vehicle for those with a clearer and simpler agenda. Bright Future is a cautionary tale of what happens when you tell yourself that tone and choice of words is more important than content. It’s a warning to those who want to attempt to “change the culture” without doing their homework on what it is they want to achieve.
So where does this leave a movement like the Pirate Party? I argue that the resilience of that movement is due to it having an ideology at its core. First, we need to acknowledge that despite the best efforts of the establishment, Pirate Parties have been represented in EU and national parliaments since 2008. Even as the movement slows down in one place, it has emerged in another, recently gaining 10,8% in the Czech national election. The Pirate movement is the most successful new political force since the rise of the environmental green parties.

Czech Pirate Party leader Ivan Bartoš interviewed after his party won 10,8% in the elections this year.

What all Pirate Parties have in common is an ideology based in network thinking and freedom of information. Like all ideologies, it has its roots in a canon of thinkers including Larry Lessig, Richard Stallman, Eben Moglen and Yochai Benkler. These shared models lead to conclusions that all Pirate Parties must share to justify their existence. A Pirate Party must oppose censorship. It must fight for transparency and be ruthless against secrecy and corruption. Pirate Parties all believe in some form of collective intelligence to inform decision making. They oppose surveillance and work to expand human rights into the digital sphere. Pirate ideology leads to the right to be forgotten online, policies on cyberwarfare, e-government and data retention. Network thinking leads Pirates to expose flaws in the political process, in parliament and in electoral systems. Pirate Parties have a clear and coherent ideology when it comes to information as a resource, and they see political processes and economic policies as systems that can be hacked for better or for worse. In some cases, as with tax evasion and other white-collar crimes, Pirate Parties have been more adamant critics than left wing parties as they see this as a lack of transparency. That being said, there is much that can not easily be addressed by the core Pirate ideology, like income inequality, class and the environment. But having at least one heavy anchor keeps Pirate Parties on course. Indeed, in Iceland the Pirates have been clear about not going into government with the Independence Party, not because they are fiscally conservative, but because of differences over transparency and reforms of the political system.

Although Pirates have a unique and useful ideology, there is much work to be done. Pirate ideology is based on models of how information flows, and sees information as resource so different from other resources that it must be considered separately. This insight into the nature of information and its effect on power is what defines the Pirate ideology, much like how the most defining insight of Marxism is how material capital affects power. But the ideas and models of Pirate ideology need to be researched and developed to stand the tests of time. Deep and careful work to define the theory is needed to give it staying power.
Parties like Bright Future that completely lack an ideology are likely to disappoint their voters by unexpectedly changing course. But here’s the kicker — it’s not only the new parties that suffer from lack of ideology. Especially on the left, most parties are built around the collective memories of ideologies long gone. Decades of third way politics and trying to meet neoliberal trends has eroded the left. The left now lacks the grand visions it was once (in)famous for. It is not surprising that it’s right at the time when the ideology of the left was crumbling in the 2000s that identity politics gained ground. When the left lost its models of class and inequality to explain why groups are being exploited and turning on each other, we got an uprising against the symptoms of those inequalities, based in values but without vision for how to achieve change. And those who benefited most from this turn of the left were the capital interests that the left tried to meet half way with third way politics.

Chomsky had a point, and we don’t just need narrative but above all ideology to wake up again.

Pirate ideology puts more emphasis on information as a resource than any other ideology. Indeed, most ideologies before it handle information as an afterthought. As information becomes an increasingly dominant resource, ideologies that have models to deal with it will gain ground. However, there are many issues to which the core pirate ideology struggles to come up with answers. These include some of the most pressing issues facing our societies, like climate-change, migration and income inequality. To address these questions, Pirate parties rely on the collective intelligence of their members to come up with answers through online policy formation. But lacking shared models to understand and address these questions, policies run the risk of becoming a mishmash of fashionable and often incoherent opinions. We can also expect disappointment when Pirate politicians in government are forced to make decisions on issues not covered by party policy. Voters will be disappointed to find that in areas where the party does not subscribe to ideologies, the ideologies of their representatives can differ wildly from their own.

Pirates will need to work this out to succeed. We might start seeing Pirate parties that also subscribe to other models, like social democratic pirates and explicitly anarchistic or libertarian pirates. But in a sense, this is just procrastinating the problem. Our representative democracy is broken and needs a radical overhaul. It’s a huge project that will need both compelling models and a powerful narrative to be successful.

So where does all of this leave Iceland, where we started this cautionary tale? Indeed, after the snap elections in October this year, the Left-Green Movement is now in coalition talks with the Independence Party, looking for “common ground around the issues”, to the dismay of most of their voters. We’ll see what follows if that unholy alliance is struck. What has become clear to me is that we cannot afford to keep fumbling around in the dark. At least two major mechanisms need revision — our progressive ideologies are outdated and our representative democracies keep leading to broken promises. We don’t need value based politics, we need ideological direction and new models. I think the Pirates have a part of the puzzle. Now let’s find the rest.

 Pirate Topic  Pirate Vision
EU Court rules on transparency of EU justice

EU Court rules on transparency of EU justice

The European Court of Justice (ECJ) in Luxembourg today ruled in favour
of the German civil liberties activist and pirate party member Patrick
Breyer (Commission vs. Breyer, C-213/15 P):[1] It ordered the Commission
to give the press and the public access to the pleadings exchanged in
completed court proceedings. In the present case Breyer successfully
demanded the Commission disclose Austrian pleadings concerning the
non-transposition of the controversial EU Data Retention Directive.
However the Court fined Breyer for publishing the written submissions in
his own case on his homepage.[2]

“Today’s ruling confirms that the EU‘s judicial system is lacking
transparency and in urgent need of reform”, comments Breyer. “Since EU
judges appear to consider transparency in pending proceedings a threat,
the EU needs to revise the Court rules in accordance with those
applicable to the European Court of Human Rights. Indifferently
prohibiting parties from publishing pleadings – including their own – is
inaceptable and endangers the freedom of the press.

This judgement turns important cases with potentially far-reaching
implications for every one of us into secret proceedings. In landmark
cases the press and the public should not be faced with irreversible
facts. Protecting our governments’ and institutions’ conduct in court
from public criticism and control contradicts the concept of democratic
oversight and freedom of the press.

This in-transparency fosters mistrust instead of building trust in times
of the EU experiencing a crisis of acceptance. Justice needs openness.
More transparency is for example needed where EU Courts deal with mass
surveillance programmes such as blanket data retention. The
admissibility of such interferences in our civil liberties is of general
interest. The arguments and applications put forward by our governments
in court need to be subjected to public scrutiny.”


As the ECJ does not grant access to written submissions, Breyer in 2011
asked the Commission to disclose Austrian pleadings concerning the
non-transposition of the controversial EU Data Retention Directive. The
Court of First Instance ruled in favour of Breyer and the Commission
disclosed the pleadings[3] but filed an appeal against the judgement.
The ECJ rejected this appeal today.

Advocate General Bobek in December proposed broadening access to Court
documents:[4] Documents ought to be made available upon request, in both
closed as well as, to a more limited extent, in pending cases. Advocate
General Bobek also suggested that pleadings could be routinely published
on the Internet. The European Court of Human Rights in Strasbourg
already grants access to written submissions upon request.

Patrick Breyer is a digital rights activist and a Pirate Party member in Germany. He has won court cases earlier where one of them decided that IP addresses are deemed personal data.


[1] Official press release:

[2] Case file (in German):

[3] Pleadings disclosed by the Commission after the judgement in first

[4] Advocate General Bobek proposes broader access to Court documents,

Featured image: CC-BY-NC-SA, jeroen020

 Transparency  Patrick Breyer  EU  Bobek  Pirate Topic
Privacy Shield: the American Lobbying Invasion

Privacy Shield: the American Lobbying Invasion

It is difficult to know the true extent to which American corporate interests and the US government continue to lobby the European Union and its member states on the US-EU Privacy Shield agreement. In March of this year, public records requests about Privacy Shield were sent to data protection authorities across the European Union. To date, the vast majority of EU data protection authorities have failed to release public records on Privacy Shield.

Lobbying by American Corporate Interests

American corporations, such as Google, Microsoft, Facebook, Amazon, and Twitter, use the Privacy Shield framework as the legal basis to transfer personal data from the European Union to the United States. Civil society groups [1, 2, 3, 4] have criticized the Privacy Shield’s many flaws and lack of basic protection for personal data. Even the EU’s own parliament has been critical of the agreement. The Article 29 Working Party, the group of EU data protection authorities, has also expressed serious concern and doubt about Privacy Shield. Perhaps the most glaring inadequacy of the Privacy Shield agreement is that it allows for NSA mass surveillance, in violation of EU law.

The European Union has a voluntary lobbying register. Google, Microsoft, BusinessEurope, and DigitalEurope are four of the top eight lobbying organizations by number of meetings with EU officials, according to Integrity Watch. The transparency register lists Google and Microsoft as being members of BusinessEurope and DigitalEurope. The transparency register also lists Google and Microsoft estimating their annual spending on EU lobbying as between €4 and €5 million Euros each. BusinessEurope lists its estimated annual spending on the low side of €4 million Euros, while DigitalEurope is spending approximately €1.9 million Euros a year.

There has been a massive lobbying campaign by American corporate interests on Privacy Shield in the EU. In addition to spending on lobbying, the transparency register also lists meetings between EU officials and lobbyists. In January of 2016, a couple months after the EU Court of Justice struck down Safe Harbor (the framework before Privacy Shield), Microsoft met separately with EU Commission Vice President Andrus Ansip and Commissioner Vera Jourova on the issue.

American technology companies such as Adobe, Apple, Amazon. AT&T, Cisco, Facebook (subsidiary in Ireland), General Electric, Google, Hewlett-Packard, IBM, Symantec, and Yahoo! have lobbied EU officials on the EU’s data protection standards. Several American financial services companies, including Citigroup, JP Morgan Chase, and Mastercard, have also lobbied EU officials on data protection standards. Trade industry groups representing American corporate interests have also partaken in this lobbying effort. The American Chamber of Commerce, the Business Software Alliance, BusinessEurope, and DigitalEurope are also listed as meeting with and lobbying EU officials on Privacy Shield.

Since the EU’s transparency registry is completely voluntary and there are few sanctions for violations, some meetings with EU officials and additional spending on lobbying may have never been registered. The American lobbying invasion may actually be much larger than the records on the EU’s transparency register suggest.

US Embassy Gets Involved

The US government is also engaged in lobbying EU member states to accept the Privacy Shield agreement. In January of 2016, the US embassy sent the Danish data protection authority (Datatilsynet) an email warning that legal uncertainty about personal data transfers from the EU to the US could harm business. The US embassy goes on to state that the EU should not solve the problem by hosting servers and storing data in the EU. The email also rather comically insinuates a denial of some aspects of NSA spying by stating, “The allegations underlying the Schrems case about U.S. privacy law and intelligence practices were based on mistaken assumptions and outdated information.” The Datatilsynet confirms that there was a meeting in May 2016 between their office, the Danish Ministry of Justice, the US embassy, and the US Department of Commerce about the Privacy Shield agreement.

In January of last year, the US embassy sent an email thanking the Slovenian data protection authority (IPRS) for meeting the week earlier. Several days later, the US embassy sent IPRS and the Slovenian Ministry of Justice a rather ominous email. The email warns, “It is imperative to conclude a revised U.S.-EU Safe Harbor agreement now, or risk harm to economic growth and job creation on both sides of the Atlantic, as well as damage to the broader transatlantic relationship.” The email also pressures Slovenia to direct EU Commissioner Vera Jourova to approve a new agreement to replace Safe Harbor. The US embassy also sent documents to the IPRS, which the IPRS is refusing to release.

The data protection authority of Italy confirms receiving communication from the US embassy about Privacy Shield. The data protection authorities in Finland, Germany, Latvia, Romania, and Sweden deny receiving emails from the US embassy about Privacy Shield. The data protection authority of Austria refuses to confirm or deny if it ever received emails. In response to questions about the possible existence of emails, the data protection authority of Luxembourg (CNPD) had a rather bizarre reply. The CNPD stated that Luxembourg does not have a freedom of information law. In addition, the CNPD refused to answer questions about the US embassy by citing Luxembourg data protection laws.

For now, the true extent of American lobbying remains behind closed doors.

The text of this article is released into the public domain. You are free to translate and republish the text of this article. Featured picture is obtained from the US Department of Commerce.

 Pirate Topic  EU  lobbying  Privacy shield
FOSS activist arrested for tor exit node in Russia

FOSS activist arrested for tor exit node in Russia

Accused of incitations to “terrorism” made via his Tor exit-node, Dmitry Bogatov was arrested on the 6th of April.

Dmitry became part of a large penal case that was initiated by Russia’s Investigation Committee on “incitations to mass riots” during the protest action that took place on the 2nd of April in Moscow. According to the Investigation Committee, Bogatov was publishing messages on the forum The messages posted were inciting to violent actions, for example, “he” was suggesting to bring “bottles, fabric, gasoline, turpentine [and] foam plastic” to the Red Square. According to the Investigation, the experts had analyzed the text of these messages and proved “linguistic and psychological characteristics of incitations to terrorism”. However, Dmitry claims that he has nothing to do with posting the incendiary messages.

The Investigation pled the judge to extend the detention period for the mathematician, but the judge Evgeniy Naidenov refused it. Article 212 of Russia’s criminal code establishes that offenders, who could be sentenced to up to two years in prison, should not be detained as a preventive measure. However, Bogatov was not released: he was taken away for interrogation at the Investigative Committee yet again, with handcuffs. The interrogation lasted for the whole night, and the Committee presented more serious charges: “calling for terrorist activities or justifying the use of terrorism via the Internet” (Article 205.2 with punishments from 5 to 7 years of emprisonment). These new charges transform a minor crime to a ‘grave’ one, and justify detention as a “preventive measure”. The hearing was held on April 10, and Bogatov got 2 months of preventive detention.
Dmitry Bogatov, 25 years old, teaches maths in MFUA (Moscow Finance and Law University). He was a free and open source software activist. Dmitry was administrating a Tor exit-node from his house. In fact, the author of “incendiary messages” (called “Airat Bashirov”) was using Tor, and, by chance, he used the ip adress of Dmitry’s exit node.

Dmitry’s lawyer, Alexei Teptsov, presented videos from surveillance cameras. The videos proved that during the moments when the “incendiary messages” were posted, Dmitry was away from his computer. He was coming back from a fitness center with his wife, Tatiana, and then went to a supermarket, where cameras were also working. Moreover, “Airat Bashirov”, the author of the provocative messages, continues to post on, while Dmitry is under arrest. The last post was seen on the forum on April 11.

Dmitry will stay in pre-trial detention center until June 8 at least. Now the Investigation is examining all his seized devices.

This is a guest post by Stanislav Shakirov (former PPRU chairman, 2009-2010).
Additional info about this case (in english)

 Pirate Topic  Foss  Pirate Party Russia  PPRU  Russia  terrorism  tor
NSA Contractors Join Privacy Shield

NSA Contractors Join Privacy Shield

Did you really think that the European Union would protect your privacy? Don’t be so naive.

The US-EU Privacy Shield program is supposed to give EU citizens greater data protections. As I wrote previously, the Privacy Shield program has several legal loopholes, which makes it look a bit like a block of Swiss cheese.

To add insult to injury, not only does the Privacy Shield fail to protect people’s private data, even NSA contractors are invited to join the party! The Privacy Shield program gives these NSA contractors the ability to transfer personal data stored in the EU to the US. From watching international news over the past few years, you may remember how Edward Snowden blew the whistle on the NSA’s mass surveillance programs. Snowden exposed how the US government had access to read your emails and to listen in on your phone calls.

Including NSA contractors on the list of Privacy Shield is a bit like letting the fox guard your henhouse. While some of the NSA contractors are signed up only to share human resources data, their inclusion in the program does nothing to improve Privacy Shield’s already dismal public image. The companies on the list are allowed to submit a self-assessment to ensure their compliance with Privacy Shield. In practice, this means that these companies have little or no independent oversight.

The following NSA contractors have joined the Privacy Shield program: BAE Systems, Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, and Raytheon.

With the inclusion of NSA contractors in the Privacy Shield program, it is rather obvious that the US government cares nothing for data protection. While Europeans are lulled into a false sense of security with Privacy Shield, the US continues to build its surveillance state.

BAE Systems

In 2013, BAE Systems won a multi-year contract with the NSA for high performance computing. The contract is valued at $127 million. A leaked top-secret document outlines the NSA’s surveillance priorities for 2012-2016. One of the NSA’s stated goals is to use high performance computing to crack encryption. As a goal, the document states that the NSA plans to “Dynamically integrate endpoint, midpoint, industrial-enabled, and cryptanalytic capabilities to reach previously inaccessible targets in support of exploitation, cyber defense, and cyber operations.” In other words, the NSA plans to use its high performance computing program to broaden its surveillance capabilities, and BAE Systems is helping.


The American telecom, AT&T, built a secret room in one of its centers to facilitate NSA spying. In 2006, an AT&T technician blew the whistle and revealed the NSA’s massive spying operations. The NSA used a device to sift through massive amounts of data from the internet’s backbone. The device was made by a company called Narus. In 2010, Boeing acquired Narus.

In 2008, Boeing acquired Digital Receiver Technology (DRT). The NSA used DRT equipment to track people’s locations by their cellphone signals. Some DRT devices also have the ability to listen in on cellphone conversations and jam cellphone signals. Several DRT devices appear in the NSA’s surveillance catalog.

General Dynamics

In 2014, the Intercept revealed that the NSA was recording virtually every phone call in the Bahamas. The program is called SOMALGET, which is part of a broader surveillance program called MYSTIC. The broader surveillance program, MYSTIC, collects phone call metadata from several countries including Mexico, Kenya, and the Phillipines. General Dynamics had an 8 year contract valued at $51 million to process data for the MYSTIC program.

Lockheed Martin

In 1988, Margaret Newsham, a software engineer for Lockheed Martin, blew the whistle on a massive NSA spying program. The NSA was intercepting phone calls and electronic data in a surveillance program called ECHELON. While working for Lockheed Martin, Newsham was helping to create software that ran the ECHELON program. Newsham also revealed that the NSA was listening to phone calls of a US Congressman.

The US military’s research arm, DARPA, awarded contracts for the Total Information Awareness (TIA) program. The TIA program would collect massive amounts of data and use a predictive policing model. In other words, TIA used automated analysis to identify people as potential terrorists. In a very eery sense, it was the film Minority Report becoming reality. DARPA gave Lockheed Martin 23 contracts valued at $27 million for the TIA program. Several branches of the US government were involved in the TIA program, including the NSA. In 2012, the New York Times revealed that the NSA was running a program very similar to the TIA. The full extent of the TIA’s legacy would not be revealed until the Snowden leaks in 2013.

Northrop Grumman

In 2000, the NSA launched the Trailblazer project. The aim of Trailblazer was to update the old Cold War era interception technology employed by the NSA. The Trailblazer project was mired in scandal. The NSA had wasted over a billion dollars for a program that did not work. Northrop Grumman was one of the contractors working on the failed Trailblazer project.

The Trailblazer project was terminated in 2006. The next year, the NSA awarded Northrop Grumman a $220 million contract. The contract was to help the NSA manage the vast amounts of data it collected from its surveillance programs.


In 2009, the NSA founded the US Cyber Command. The new command center would focus on defensive as well as offensive cyber warfare. Raytheon posted job advertisements for “cyber warriors” to work at locations near known NSA sites.

In 2010, the NSA awarded Raytheon a classified $100 million contract for the Perfect Citizen program. The program would place sensors, to detect cyber attacks, in the backbone infrastructure of public utilities. A Raytheon employee criticized the program with the following words in an email: “Perfect Citizen is Big Brother.” The NSA rather comically claimed that Perfect Citizen would not be used for spying; however, privacy advocates were worried that the program would be used for domestic surveillance.

The text of this article is released into the public domain. You are free to translate and republish the text of this article. Featured picture is CC BY-NC-ND 2.0 Flicker user jrothphotos. Secondary picture CC by EFF.

Printouts from website, link.

 Pirate Topic  BAE Systems  Boeing  General Dynamics  Lockheed Martin  Northrop Grumman  NSA  Privacy shield  Raytheon  Snowden
Privacy Shield: More Holes than Swiss Cheese

Privacy Shield: More Holes than Swiss Cheese

What if your most intimate and private information was for sale to anyone in the world? What if anyone could find out your political beliefs, religious affiliation, sexual orientation, or even your medical history? In the US, it is legal for the private sector to collect and sell these types of personal information, and the government is powerless to stop it. Due to the US’ lack of general data protection laws, Europeans’ personal information could wind up in the hands of unscrupulous data brokers and for sale on the global market. Data transfers from the EU to the US is cause for on-going controversy, because the EU considers data protection to be a fundamental right.

In testimony before the US Congress, Pam Dixon of the World Privacy Forum detailed abuses by data brokers. MEDbase200 sold personal information on rape survivors and people with an HIV positive status for $79.00 per thousand names. Addresses of domestic violence shelters are supposed to be kept secret, but FirstMark sold lists of these shelters online. DMDatabases sold comprehensive databases detailing patients’ medical conditions and which prescription medications they were taking.

Data brokers obtain personal information from various sources. Many US companies rather shamelessly sell information on their customers. Data brokers can also collect information online through tracking cookies, mobile app data, social media postings, and online surveys. Data brokers also sell each other vast amounts of data, making it virtually impossible to figure out who originally collected the information.

EU regulators should have pause for concern that social media sites are now partnering with American data brokers. Especially controversial is Facebook’s partnership with data broker Acxiom. After the 9/11 terror acts, Acxiom lobbied the US government to weaken the few and limited federal privacy protections in the US. In 2001, Acxiom proposed to establish a government surveillance programs to crawl the internet and gather intelligence from websites. The US Department of Defense also considered partnering with Acxiom to build a large surveillance database. In 2003, Acxiom was embroiled in controversy when it worked with the US Department of Homeland Security on a proposed system to give airline passengers color-coded ratings based on the likelihood of being a terrorist. Despite holding vast amounts of personal data, Acxiom has been the victim of numerous data breaches, with computer hackers stealing large amounts of information.

Starting in 2000, the US-EU Safe Harbor agreement allowed companies in the EU to send personal data to the US. In 2015, the EU Court of Justice struck down the legal basis for the Safe Harbor agreement, because the agreement failed to provide adequate data protections. The US and the EU quickly negotiated a new agreement called Privacy Shield to allow the continued flow of data from the EU to the US.

The new US-EU Privacy Shield agreement is a complete disaster. The agreement’s greatest weakness is that the Privacy Shield program is completely voluntary. An American company with no subsidiaries in the EU could refuse to sign up for Privacy Shield and can ignore EU data protection authorities. The US government is powerless to stop data collection over the internet, which is completely legal in the US.

Even when a company voluntary signs up for the Privacy Shield program, it requires the US Federal Trade Commission (FTC) to enforce the rules. This year, President Trump has the authority to nominate four FTC commissioners (out of five commissioners total). Considering President Trump’s history, his nominations for the FTC will be extremely business-friendly, and the new commissioners may do everything in their power to stop any consumer protections (including Privacy Shield). On the rare instance that the FTC would actually investigate a company for failing to comply with the Privacy Shield framework, the FTC would have to prove that the data is covered under Privacy Shield.  In the US, data brokers repackage and sell data so many times that it may be difficult or impossible for the FTC to ever prove where the data originally came from.

Recently, President Trump named Maureen Ohlhausen as acting Chair for the FTC. Ohlhausen has previously criticized the FCC (Federal Communications Commission) proposal to require ISP (internet service providers) to obtain consent before sharing customers’ private data with data brokers and other third parties. Ohlhausen argued that the FCC’s proposal would harm consumers by offering too many privacy protections. With Ohlhausen as acting Chair, the FTC will likely fail to enforce the Privacy Shield framework.

The Privacy Shield framework does nothing to stop the US government’s mass surveillance and bulk collection of data. In a letter included in the Privacy Shield notice, the former Secretary of State, John Kerry, promises to establish an ombudsperson to take complaints regarding US government surveillance practices. A close reading of the memorandum reveals that the Privacy Shield ombudsperson has no legal authority to investigate or provide independent oversight. The memorandum also mentions several OIGs (Office of Inspector Generals) and the PCLOB (Privacy and Civil Liberties Oversight Board), which are the same mechanisms that failed to protect people from the NSA’s mass surveillance in the first place.

The Privacy Shield notice also includes a letter from the Office of the Director of National Intelligence (ODNI). The letter cites PPD-28 (Presidential Policy Directive-28) as limiting the US government’s surveillance efforts. It is difficult to independently verify what PPD-28 actually contains, since some portions of the directive are classified. The PPD-28 was signed by President Obama, who is no longer in office. President Trump is not required to follow PPD-28, and he can secretly overturn the directive at any time without any public notice.

The US government has no international legal obligations to enforce Privacy Shield. The Privacy Shield framework is a voluntary program, operated by the US Department of Commerce, which could be rescinded at any time. It is hard to imagine how the EU ever approved an agreement so dreadful as Privacy Shield. I cringe thinking that the EU completely lacks an understanding of the US Constitution and how the American government operates. Before ever entering another agreement with the US, the EU needs to first hire some extremely well-read American lawyers as advisors.

As it stands, the Privacy Shield framework leaves EU consumers’ personal data open to abuse, with few or no rights to recourse and redress. If the EU is serious about data protection, it should immediately suspend the Privacy Shield framework. Access to the EU market is of paramount importance to many American businesses. Using its economic leverage, the EU should pressure the US to reform its legal code to ensure better data protection.

For further reading:

GAO report on data brokers, link

FTC report on data brokers, link

Featured image: CC-BY-NC-ND, thenoodleator

 Pirate Topic  Privacy  Privacy shield