The Free Internet Project

Net Neutrality

ENDING OUR PROJECT

Dear Supporters of The Free Internet Project: 

After 9 years, we have decided to end our project. But, before we do, we want to thank everyone who contributed to and supported our efforts to raise awareness about threats to Internet freedoms. We couldn't have done it without you. 

While threats to Internet freedoms continue, plenty of other organizations are doing incredible work to protect people's rights online. 

We will sunset this website in due course.

Thanks again. 

Tm Berners-Lee launches Inrupt and Solid for people to control their personal data

Tim Berners-Lee, the inventor of the World Wide Web, announced in October 2018 the launch of a new project called Inrupt to launch a new, open-source technology or platform called "Solid."  Solid is an ecosystem that enables users to store anything, including personal data, in their own Solid POD (personal online data store), which acts as the interface with other sites.  So, instead of "logging in with Facebook" or "logging in with Google," people can "Log in with your own Solid POD."  Through your POD, you can control the permission of how much other sites or apps can "read or write" to your POD.  

The main thrust of the POD approach is that it enables people to control and limit any sharing of their personal data via their single POD, instead of being beholden to websites such as Facebook or an app's user policy.  As the Solid site describes:

  • You give people and your apps permission to read or write to parts of your Solid POD. So whenever you’re opening up a new app, you don’t have to fill out your details ever again: they are read from your POD with your permission. Things saved through one app are available in another: you never have to sync, because your data stays with you.
  • This approach protects your privacy and is also great for developers: they can build cool apps without harvesting massive amounts of data first. Anyone can create an app that leverages what is already there.

Berner-Lee took time off from his position at MIT to work on the commercial venture Inrupt.  Inrupt is meant to facilitate developers to adopt Solid in their programming and develop new programs incorporating the Solid approach.  It's too early to tell how much adoption Solid will get, but it has the potential to radically transform the Internet.  For example, in an interview with Fast Compnay, Berners-Lee gave one example of a new home assistant that protects people's privacy, instead of tracking their every word:  "one idea Berners-Lee is currently working on is a way to create a decentralized version of Alexa, Amazon’s increasingly ubiquitous digital assistant. He calls it Charlie. Unlike with Alexa, on Charlie people would own all their data. That means they could trust Charlie with, for example, health records, children’s school events, or financial records. That is the kind of machine Berners-Lee hopes will spring up all over Solid to flip the power dynamics of the web from corporation to individuals."

The EU's GDPR (General Data Protection Regulation) goes into effect May 25, 2018

The new EU General Data Protection Regulation goes into effect May 25th, 2018.  You may have recently received notices of changes to privacy policies by Google, Twitter, and other tech companies.  The reason: the GDPR.  It attempts to create uniform rules for how personal data is managed in EU countries. The European continent’s first piece of legislation pertaining to the protection of personal data was the “Convention 108”, adopted in 1981 by the Council of Europe (a different international institution that the EU which brings together 47 countries). Later, in 1995, the European Union passed its directive “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”.  Unlike the 1995 personal data directive, which must be implemented by EU countries in their nationals laws, the new GDPR is EU law that applies without reliance on national implementing laws.  The GDPR is also broader than the personal data directive.  The key changes are discussed below.  

 

 

OVERVIEW OF KEY CHANGES BY GDPR

 

1. Extensive territorial scope: controllers of data with no establishment in the EU can still be subject to the Regulation for processing related to the offering of goods and services in the EU, or to the monitoring of the behavior of data subjects located in the EU.

  • No longer matters whether controllers actually process data within the EU.
  • If an EU citizen's data is processed, the controller is subject to the GDPR.  

2. Enhanced rights of data subjects:

  • New right to ‘data portability’: in certain situations, controllers will be bound to transmit personal data to new controllers, on the request of data subjects who may wish to switch from on service to another;
  • Upgraded rights to erasure (‘right to be forgotten’) and to restriction of processing;
  • Substantial increase of the number of information items which must be provided to data subjects, including in particular the retention period of the collected data;
  • More stringent conditions for a valid consent (where required): it will have to be freely given, specific, informed and unambiguous, by statement or by affirmative action.

3. Redesigned obligations for controllers and processors:

  • Auto-compliance and accountability: controllers and processors must ensure and be able to demonstrate that they have implemented any technical and organizational measures in order to ensure that the processing carried out comply with the Regulation. Such demonstration may be helped through adhesion to codes of conducts, or through certifications;
  • The end of prior notifications: the obligation to notify the competent supervising authority prior to each processing is replaced by an obligation to keep detailed records of processing activities;
  • Data by design and by default: controllers and processors will be expressly bound to respect these principles which is viewed as an effective means for compliance;
  • Specific measures to be implemented in certain situations: (i) appointment of a data protection officer; (ii) privacy impact assessments; and (iii) notification of data breaches to supervising authorities and to concerned data subjects;
  • Other new obligations related in particular to the (i) joint controller regime (the breakdown of the different responsibilities will have to be determined); and to (ii) the choice of data processors and to the contracts between controllers and processors.

4. Reinforcement and clarification of the supervising authorities’ roles and powers:

  • Administrative fines up to 20 million Euros or 4% of the worldwide annual turnover of the preceding financial year;
  • For cross-border processing, a lead authority will handle issues in accordance to a new co-operation procedure between it and other concerned supervising authorities (which will remain competent alone in certain situations);
  • Supervisory authorities will have to offer each other mutual assistance, and may conduct joint operations when necessary;
  • A new entity, the “European Data Protection Board”, will replace the Article 29 Working Party and will be in charge of providing opinions to supervising authorities on certain matters, of ensuring consistent application of the Regulation (by supervising authorities) in particular through a dispute resolution mechanisms, of issuing guidelines, of encouraging the drawing-up of codes of conducts etc.

Illinois Introduces State Bill Seeking to Protect Net-Neutrality

Since the Federal Communications Commission (FCC) voted to repeal the Obama-era net neutrality rules in December 2017, many states have been at work trying to safeguard against the possible negative fallout. On February 14, 2018, Illinois State Rep. Ann Williams filed House Bill 4819, the Broadband Procurement and Disclosure Act.

HB 4819 requires that all internet service providers (ISPs) who do business with state agencies adhere to basic net neutrality principles. The bill requires that the ISPs make “clear and conspicuous” statement disclosing the ISP’s network management practices. Most importantly, the bill aims to restore basic net neutrality rules by mandating that all ISPs providing service to Illinois agencies “shall not block” users from accessing lawful content. The bill also provides that ISPs shall not “impair” or “degrade” lawful traffic to the user, based on content. Finally, the bill prohibits ISPs from manipulating broadband service to favor certain traffic, and from unreasonably interfering with either the end user’s ability to access desired content or content producer’s ability to make content available to users.

U.S. Federal Communications Commission votes to repeal net neutrality law

 

On December 14, 2017, the United States Federal Communications Commission (FCC) voted to repeal Obama's net neutrality protections. These now-eliminated protections include barring internet providers from slowing down or blocking access to online content, and prohibiting internet providers from promoting their own content. Ajit Pai, Chairman of the FCC, stated "[the repeal] is not going to destroy the internet. It is not going to end the internet as we know it. It is not going to kill democracy. It is not going to stifle free expression online."

Others, have voiced strong opinions against the repeal. "This is a matter of enormous importance with significant implications for our entire economy and therefore merits the most thorough, deliberate, and thoughtful process that can be provided," stated Maine Senators Susan Collins, Republican, and Angus King, independent. The FCC also received millions of comments supporting current net neutrality protections.

States have voiced their stance against the FCC's net neutrality protection repeals. New York Attorney General Eric Schneiderman has declared intentions to sue to stop the FCC’s rollback of net neutrality, stating "We will be filing a claim to preserve protections for New Yorkers and all Americans. And we’ll be working aggressively to stop the FCC’s leadership from doing any further damage to the internet and to our economy.” Washington State Attorney Bob Ferguson also announced his intention to take action, stating "Today, I am announcing my intention to file a legal challenge to the FCC’s decision to roll back net neutrality, along with attorneys general across the country." Other states, including Oregon, Illinois, Iowa, and Massachusetts, will join the lawsuit as well.
 

South Africa considers the Films and Publications Amendment Bill that critics claim would equal Internet censorship

South Africa's National Assembly is considering the Films and Publications Amendment Bill [text], which is intended to amend the Films and Publications Act of 1996. The bill has sparked great controversy in the Internet community. Many critics call it the "Internet censorship bill."  

What are the fears of censorship?  Part of the controversy is the section establishing an independent rating system for "digital films, digital games and certain publications." Critics argue that the provision is overly broad and could apply to every creator of videos on YouTube in South Africa, even user-generated content--thereby subjecting them to register as a distributor with the Film and Publication Board (FPB's).  Section 24A treats failure to register as a potential criminal offense subject to fine or imprisonment ("(1) Any person who knowingly distributes or exhibits in public a film or game without first having been registered with the Board as a distributor or exhibitor of films or games shall be guilty of an offence and liable, upon conviction, to a fine not exceeding R150 000 or to imprisonment for a period.").

In addition, any distributor under the FPB's jurisdiction would be required to maintain controls to prevent individuals under 18 years of age from accessing material classified as "X18," including the following verification:

  • the distributor shall keep, solely for his or her private records, a register of all instances where access was granted to a user, whose name, address and verifiable age must be noted in the register kept for that purpose.
  • the register referred to in paragraph (e) must be kept for one year from the date when distribution took place.

Critics argue this registry could chill adults from accessing legal content and constitute an invasion of privacy.  According to new reports, the Democratic Alliance, "MultiChoice, eNCA, eTV, Right2Know, Media Monitoring Africa, the SOS Coalition, the South African National Editors Forum, the National Association of Broadcasters, Google and the South African Broadcasting Corporation (SABC)" have all opposed the bill.   

UN Human Rights Council issues nonbinding resolution on Internet access as a human right

The United Nations Human Rights Council passed a nonbinding resolution reaffirming its view that Internet access is a basic human right.  The resolution "calls upon all States to address security concerns on the Internet in accordance with their international human rights obligations to ensure protection of freedom of expression, freedom of association, privacy and other human rights online, including through national democratic, transparent institutions, based on the rule of law, in a way that ensures freedom and security on the Internet so that it can continue to be a vibrant force that generates economic, social and cultural development."

The resolution also "condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law and calls on all States to refrain from and cease such measures."  [English text]

India rejects Mark Zuckerberg's Free Basics in India

Mark Zuckerberg's "Free Basics" platform under Internet.org suffered a huge defeat in India.   The platform provides free Internet connection to under-served areas with little or no Internet connection, but the access to the Internet is limited to certain "basic" ad-free apps, including Facebook. On February 8, the Telecom Regulatory Authority of India issued "Prohibition of Discriminatory Tariffs for Data Services Regulations”—which bans differential pricing arrangements for internet access, including the practice is known as "zero rating" by which usage of certain preferred apps does not count toward paid data usage.

TRAI explained: "In India, given that a majority of the population are yet to be connected to the internet, allowing service providers to define the nature of access would be equivalent of letting TSPs shape the users' internet experience. This can prove to be risky in the medium to long term as the knowledge and outlook of those users would be shaped only by the information made availablethrough those select offerings. Further, to the extent that affordability of access is noted to be a cause for exclusion, it is not clear as to how the same users will be in a position to migrate to the open internet if they do not have the resources to do so in the first place."

Mark Zuckerberg appeals to India before key decision on Internet.org platform, amid protests of net neutrality violation

Ahead of a key decision by India's telecommunications regulatory body, Mark Zuckerberg wrote a blog post in the Times of India to defend his nonprofit Internet.org, which provides free (but limited) Internet access to under-served areas.  The service is called "Free Basics," which enables users to access the Internet but only for a limited number of apps, such as weather, Wikipedia, and, yes, Facebook. Other app developers can apply to Internet.org to be included in Free Basics.   

Russia's new "right to be forgotten" law goes into effect

On Jan. 1, 2016, Russia's new "right to be forgotten" (RTBF) law went into effect.  The law is similar to the EU right to be forgotten, which requires search engines to remove links to web postings from searches of a person's name if the postings are old, false, or no longer relevant.  Russia's law, however, does not allow removals of criminal convictions even if the terms of prison or punishment have been served. By contrast, the EU allows removals of links based on criminal convictions if, e.g., the country recognizes the expungement of the criminal record upon completion of the punishment.  Russia's law is also different from the EU law in that Russia's law specifically sets a time period of 3 to 10 days for the search engine to respond to a RTBF request made by a person.

Pages

Blog Search

Blog Archive

Categories