Weak Human Rights Protections: Why You Should Hate the Proposed UN Cybercrime Treaty

EFF update
1 month 4 weeks ago

The proposed UN Cybercrime Convention dangerously undermines human rights, opening the door to unchecked cross-border surveillance and government overreach. Despite two and a half years of negotiations, the draft treaty authorizes extensive surveillance powers without robust safeguards, omitting essential data protection principles.

This risks turning international efforts to fight cybercrime into tools for human rights abuses and transnational repression.

Safeguards like prior judicial authorization call for a judge's approval of surveillance before it happens, ensuring the measure is legitimate, necessary and proportionate. Notifying individuals when their data is being accessed gives them an opportunity to challenge requests that they believe are disproportionate or unjustified.

Additionally, requiring states to publish statistical transparency reports can provide a clear overview of surveillance activities. These safeguards are not just legal formalities; they are vital for upholding the integrity and legitimacy of law enforcement activities in a democratic society.¸

Unfortunately the draft treaty is severely lacking in these protections. An article in the current draft about conditions and safeguards is vaguely written, permitting countries to apply safeguards only "where appropriate," and making them dependent on States domestic laws, some of which have weak human rights protections.¸This means that the level of protection against abusive surveillance and data collection can vary widely based on each country's discretion.

Extensive surveillance powers must be reined in and strong human rights protections added. Without those changes, the proposed treaty unacceptably endangers human rights around the world and should not be approved.

Check out our two detailed analyses about the lack of human rights safeguards in the draft treaty. 

Karen Gullo

[B] 野添憲治の《秋田県における朝鮮人強制連行11》鉛山鉱山の朝鮮人連行者  鹿角軍小坂町十和田

日刊ベリタ
1 month 4 weeks ago
鉛山鉱山が発見されたのは1665年。操業は長い間中止されていたが、昭和に入り再開された。戦争が始まり、必要になったのだろう。この鉱山に朝鮮人が連れてこられたのは、旧厚生省の文書では1945年7月3日。敗戦まじかである。坑口や鉱石を運んだトロッコのレールは今も残っている。(大野和興)
日刊ベリタ

Senators Expose Car Companies’ Terrible Data Privacy Practices

EFF update
1 month 4 weeks ago

In a letter to the Federal Trade Commission (FTC) last week, Senators Ron Wyden and Edward Markey urged the FTC to investigate several car companies caught selling and sharing customer information without clear consent. Alongside details previously gathered from reporting by The New York Times, the letter also showcases exactly how much this data is worth to the car companies selling this information.

Car companies collect a lot of data about driving behavior, ranging from how often you brake to how rapidly you accelerate. This data can then be sold off to a data broker or directly to an insurance company, where it’s used to calculate a driver’s riskiness, and adjust insurance rates accordingly. This surveillance is often defended by its promoters as a way to get discounts on insurance, but that rarely addresses the fact your insurance rates may actually go up.

If your car is connected to the internet or has an app, you may have inadvertently “agreed” to this type of data sharing when setting it up without realizing it. The Senators’ letter asserts that Hyundai shares drivers’ data  without seeking their informed consent, and that GM and Honda used deceptive practices during signup.

When it comes to the price that companies can get for selling your driving data, the numbers range wildly, but the data isn’t as valuable as you might imagine. The letter states that Honda sold the data on about 97,000 cars to an analytics company, Verisk—which turned around and sold the data to insurance companies—for $25,920, or 26 cents per car. Hyundai got a better deal, but still not astronomical numbers: Verisk paid Hyundai $1,043,315.69, or 61 cents per car. GM declined to share details about its sales.

The letter also reveals that while GM stopped sharing driving data after The New York Times’ investigation, it did not stop sharing location data, which it’s been sharing for years. GM collects and shares location data on every car that’s connected to the internet, and doesn’t offer a way to opt out beyond disabling internet-connectivity altogether. According to the letter, GM refused to name the company it’s sharing the location data with currently. While GM claims the location data is de-identified, there is no way to de-identify location data. With just one data point, where the car is parked most often, it becomes obvious where a person lives.

Car makers should not sell our driving and location history to data brokers or insurance companies, and they shouldn’t make it as hard as they do to figure out what data gets shared and with whom. This level of tracking is a nightmare on its own, and is made worse for certain kinds of vulnerable populations, such as survivors of domestic abuse.

The three automakers listed in the letter are certainly not the only ones sharing data without real consent, and it’s likely there are other data brokers who handle this type of data. The FTC should investigate this industry further, just as it has recently investigated many other industries that threaten data privacy. Moreover, Congress and the states must pass comprehensive consumer data privacy legislation with strong data minimization rules and requirements for clear, opt-in consent.

Thorin Klosowski