Slashdot Mirror
US Twitter Spying May Have Broken EU Privacy Law
Stoobalou writes "A group of European MPs will today push EU bosses to say if the US government breached European privacy laws by snooping on Twitter users with links to whistle-blowing site WikiLeaks. The Alliance of Liberals and Democrats for Europe (ALDE) will today pose an oral question to the European Commission, seeking clarification from the US on a subpoena demanding the micro-blogging site hand over users' account details."
Where is Twitter based?
Where is the EU?
Just Askin.....
Sig Battery depleted. Reverting to safe mode.
Then what?
For justice, we must go to Don Corleone
Tweets are public. End of story.
"His name was James Damore."
Aren't tweets public anyway? And what does it matter if they found links to the latest video/picture of some fat/old person/animal singing?
The Tweets are, but I don't think the IP, phone number or other information of interest associated with the sender/follower is public.
Home of The Suki Series
The story isn't about tweets.
Its about a US Subpoena for the account details about the owners of accounts used to support Wikileaks.
The subpoena is being fought, and may well be stricken down as overreaching.
Sig Battery depleted. Reverting to safe mode.
So following someone on twitter is a violation of privacy law?
They subpoenad twitter not for the tweets but for IP logs and private account information pertaining to certain accounts. They basically want to know from which computers and where the users logged in from (ie. the IP), at what times (ie. IP log), and what they did while there. They'll also know the e-mails, passwords, and other information from those accounts.
THAT, my friend, is definitely not public and I think that's a huge breach of privacy even for these reasons because the US not only subpoenad for the WikiLeaks accounts but many others that were associated with the scandal.
Since when is an American government dealing with an American company bound by European rules? Nobody forced us Europeans to sign up for Twitter. I think we're all aware it's an American entity and that American law applies above all others in this situation.
Somebody doesn't understand how the US legal system works:
Subpoenas get issues by courts, so there is a "judicial enquiry" and judicial oversight. And there is a potentially illegal act, namely the release of classified information; the prosecutor had to convince the judge of that. The order was by a US court to a US company. Furthermore, the individuals targeted were informed and given an opportunity to object.
In Europe, police would be able to get this information without any judicial oversight, without anybody being informed, and without anybody being able to object.
The complaints by these MEP are unfounded and apparently just being made to score political points; beating up on America is a politically successful strategy in Europe.
Its not about reading tweets.
And your post shows you are not about reading TFA.
So run off and read TFA before you make a fool out of yourself. mmmmkay?
Sig Battery depleted. Reverting to safe mode.
Its not about spying on twitters and facebooks and gmails.
Go read the TFA before posting.
Sig Battery depleted. Reverting to safe mode.
Maybe my dictionary is out of date, but I never have thought that a court ordered subpoena is a "spying" activity. If they broke in to twitter and trolled through data that would be spying.
Looking at the website it's coming from... maybe I understand now why they think a subpoena is "spying". They say the Bradley Manning is currently being tortured by US jailers, and insinuate the subpoena is a front to cover the trail of supposedly confirmed NSA wiretaps 2x blocks from Twitter HQ. Sure sounds like level headed, unbiased facts abound there.
http://www.thinq.co.uk/2011/1/8/us-wants-read-wikileakers-twitter-accounts/
Of course it is. What Europeans should realize is that their data protection and privacy laws don't matter when they are communicating over web sites based in the USA.
What did you take away from the article?
It's also about expectations of privacy. Clearly Europeans are under the impression that their privacy laws are in operation when they are using web sites owned by USA based companies, and just as clearly the US Federal government does not think that European privacy laws apply when those people are accessing services offered from the USA.
If this story isn't about tweets, then what, pray tell is it about? It's about twitter, the Federal Government, and privacy.
Tweets are, both normally sent ones and ones that are sent as replies (though most feeds ignore tweets sent as replies). Twitter does allow you to send people a direct message though, and those aren't public.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Yeah, but what details could be there? Maybe they can guess location at a given time by checking IP addresses, or maybe they can get real names. But don't they know that already? Don't most people volunteer that sort of information? And why would that be important? Yes, I get that it shouldn't be looked into anyway, privacy is about not having to disclose exactly whatever you don't wish to disclose, not solely what's deemed important, but I think the most important thing is to realize that if they were looking into Twitter, which might contain no valuable information for them whatsoever, they're also looking everywhere else. That's what's worrying. Well... that and the fact that only Twitter made such inquiries public so far.
Not the same. Radio stations pay a licensing fee for a public performance of the music, not a fee for a private listening. Its public broadcasting because it was paid by the radio station to be publicly broadcasted.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
The article isn't about spying on Twitter. Its about demanding the information without a legal reason to do so. The US has no legal leg to stand on for demanding this information, yet they did it anyways.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
"In Europe, police would be able to get this information without any judicial oversight, without anybody being informed, and without anybody being able to object."
Wrong. Logs from ISP and company are also subject to the equivalent of subponea. Where the heck did you get this idea that the police could get whatever they want without judicial oversight ?
It's not particularly unusual for a side in a legal proceeding to attempt to exceed what they're allowed to do. It's kind of a part of the adversarial justice system. Twitter now files a motion to quash the subpoena based on whatever reasoning they choose, and we go from there.
They do have the legal right to request the information. This comes under US law and given that there is an ongoing investigation into what Pfc Manning may or may not have leaked it most certainly is relevant. Now, it might be that most or all of the people aren't involved, but you can't very well know that without doing an investigation.
If you don't like our privacy laws, then don't user our services. I don't think that it's that unreasonable to recognize that a service that's headquartered and provided from a foreign state is going to be beholden to foreign laws.
I did look, and I couldn't find any evidence that Twitter is anything other than a US company.
Twitter supports private messaging too
The US has sovereignty over twitter, but not foreign users.
On the face of it this may be silly as EU law obviously doesn't apply to US companies. That however would be misreading the whole thing. The EU is controlled by two entities the European Parliament and the Commission. The latter writes the laws and proposals and the former votes for or against them.
Members of European Parliament (MEPs) are democratically elected. Their primary problem is that nobody in Europe cares what they do or what they say. The EU decisions are in practice always complex compromises. The UK may vote for privacy laws the Netherlands wants in exchange for increased fishing quotas and the Netherlands wants it because the Dutch government can use it as a political tool for some other purpose. In short political ideology does not exist in the EU. This is a big problem for MEPs as they can't get reelected unless they get enough publicity and look as if they are doing something the voters care about. The system works against them and so on occasion they make loud noises about any issue they think will be of interest to the voters. Given the complex nature of compromises in the EU they seldom have the opportunity to do this. In this case the opportunity they saw was in the word "twitter". They know that voters recognize it and have scrambled to make themselves look like they are doing something decisive in the public interest. It's not real, it's just collecting brownie points from the public and getting their name in the papers. So you can forget about it. It has nothing to do with EU privacy laws or the US or twitter - it's strictly a PR thing.
The other branch of the EU executive and legislative power is the Commission. It has two functions. One is to act in the interest of the entity that controls it - the EU's civil service and the other is to provide a mechanism for national level politicians to get unpopular decisions through. The EU is run and controlled by the EU bureaucracy - it's civil servants. The Commissioners represent primarily the interest of their departments. The interest of the civil service is entirely self serving. They are for sending SWIFT data to the US as it will mean many fact finding trips to the US and other countries for the people in the departments. They are strongly for the introduction of checks and balances for sending the data as it creates more work for the civil service and ultimately increases their budget. The politicians on the national level have no problem with this as their use of the Commission is to get through unpopular legislation. When something popular is introduced it's always handled at the national level and the local politicians take credit for it. When it's something unpopular they simply say "we hate it too, but it's EU legislation, we can't do anything about it".
That's how the system works and it's not easy for the MEPs as they are not civil servants, they are politicians and need publicity and votes while they are not really meant to have any significant political power. That's why there was such an outrage at the EP rejecting a gay bashing candidate for the post of the Commissioner for Justice a few years back. Things like that are not supposed to happen and as a rule they don't. So when you hear that the EP is making an inquiry or that MEPs are making noises about something, you can safely ignore it. It doesn't have to make sense as nothing will ever come of it - they are just trying to get themselves noticed in order to get reelected.
Actually what I'm saying is that a website that is reachable from anywhere (and takes no money) can not fall under the laws of every country from which it can be reached.
It is totally unworkable.
If by simply putting up a web page, or offering services free service on my server in the middle of Kansas I become subject simultaneously to the laws of every country on earth, then the Internet can no longer exist.
China understands that their laws apply within their borders. And they take all steps they feel necessary to enforce their laws in their country.
They don't stomp their feet and insight petulantly that every website in the world follow their laws.
They just block what they don't like.
I'm starting to become a fan of that approach. The EU should simply block twitter. Far less arrogant.
Sig Battery depleted. Reverting to safe mode.
Your mistake is assuming that American law applies. There's no question that it's legal within the US, however services offered in Europe to European citizens is subject to European law. The information sought is clearly protected under European laws.
Why do I even bother? It's Slashdot, mostly Americans and people reading this don't know the details of any legal system.
It actually applies to foreign companies for the storage of data pertaining to EU users.
I actually worked on something relating a month ago and the rules are there and the law exists for any service based in any country to take extra care when storing EU citizen data.
The result of this relating to the subpoena? The US simply cannot subpoena data relating to EU residents, only to US residents.
And that is it gentlemen; of course if the US wants to further degrade their reputation with Europe they can always walk all over European regulations they agreed to respect when handling EU data.
That won't be the first time the US just does what it wants and shits on everyone else, but it may be the last... Patience towards the US tantrums is running out in the EU...
--
www.twilightcampaign.net
Wrong. EU law applies to US companies conducting business in the EU. I can't see Twitter foregoing business in the 27 country EU as it is a market of over 500 million people.
I think the bottom line is, regardless of where Twitter is based, it has an ethical obligation to abide by EU laws if it wants to serve content to EU citizens. No one forced Twitter to serve content to the EU, they could have easily put up one of those (rather common) "XYZ content is not available in your country" pages. Not to mention that the fact that (to point out the blatantly obvious) EU citizens are (for the most part) not US citizens/residents, and therefore, the US has >> no right to our data; we're nothing to do with the US. If the US did want the data for some legitimate reason they could always ask through the proper channels. I have no idea whether there would even be a chance of them getting it, but that's not the point. Before going any further I would like to say I am NOT anti the American people (emphasis on people), in fact I quite like Americans. Nevertheless, the American government (emphasis on the government being different from people) has been getting up to much douchebaggery of late and a lot of us in the EU are getting quite annoyed about it. I think it's about time someone gave them a kick up the backside. Frankly I hope the next US government actually has a decent foreign policy. Over the past 10 years the Bush and Obama administrations have been alienating people overseas, increasingly isolating the US; and that's not good for anyone!
In addition, these laws apply to the three EEA countries - Norway, Iceland and Liechtenstein, and to Switzerland.
Ahh, those where the days...
/Gee, our old LaSalle ran great.
Nah, we'd be safe. Friendly fire will do for you, with the lovely side effect that, for a change, it wouldn't be a UK Tank column being shot by the American "allies".
If twitter and other US services can delivery your private data to the government there, then it should be better to use services based in the European Union.
....... slashdot!
That will not only affect twitter but also facebook, linkedin, gmail and
Maybe some small country could good business guarantying that customer information of services hosted there are kept private, sort of a swiss, lichtenstein or luxemburg internet privacy haven.
If you want to introduce on EU domains you don't break EU law - and if you keep defending amoral behavior by the US does that mean you wants war?
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Quite an apt description, but it would make more sense if you didn't leave out the third and most shadowy body of EU government: the Council. The Council is composed of national ministers for whatever issue is the topic at the time. If it's energy, it's the energy ministers (or the closest equivalent), if it's agriculture it's the agriculture ministers etc, and for the most important issues the Council is made up of the prime ministers. It's kind of like a senate, but much worse. Everything they do happens behind closed doors and the public doesn't know anything until they come out to shake hands and smile for the cameras. The Council is arguably the most powerful of the three bodies of EU gov, and this is where all the horse-trading and bickering happens, not the Commission or the Parliament. Neither the Commission nor the Parliament has national interests in mind; the Commission serves the entire EU (and its own bureaucracy, some like to say) and an MEP serves his constituency. Council ministers represent states, and most everything undemocratic or otherwise "bad" about EU gov has to do with it.
I think it's funny how a company pride themselves on a model of transparency get touchy when their private information get released but they appear to have no problem when it comes to releasing some else private information. Can we all say hypocrites.
You misunderstand. Internet is not a magical no-law zone.
When twitter opens an account with a EU citizen, this transaction happened in the EU. They are bound, for this account, by EU law.
Your whole argument is that this is unworkable. In fact, it works very well: laws are mostly compatible, and citizens are mostly allowed to do as they please in the privacy of their own homes.
Once in a while, there is some incompatibility, and it needs to get resolved. But the greater point is that you, US citizen, do not lose rights because you use a Chinese website, nor does a EU citizen loses his when dealing with twitter.
This, in turns means that when twitter agreed to provide a service to a EU citizen, they also agreed to abide by EU privacy laws. In practice, this is incompatible with US law, because there, citizens have less rights. Again, in practice, this means that twitter ought to have a twitter EU subsidiary which does the data collection and management for EU citizens. And for technical reasons,I also expect them to do that anyway.
If you are a tiny company, this sucks, and you will have to decide which country enforces the stiffest penalty... But again, usually, this poses no problem. And if you cared about the privacy of you users, there would be no data to subpoena anyway.
All of a sudden a lot of people became totally in favor of the government snooping on Twitter users.
My UID is prime. Hah!
"Judges dont grant court orders without legal reasons."
Ho hoo! /wipes tear from eye I think you meant to say, judges don't grant orders without legal PRETENSE.
I don't think anybody is likely to attack the USA by force. Way too expensive, the USA has nukes anyway. Too many people would die.
I think they would be far more likely to make you dependent on their resources (say cheap clothes and raw materials) and then slowly influence your policies over a few decades to be favourable to their country and gradually take over you indirectly through influence and getting preferential deals for all their trade.
Why would anybody need to invade you if they control your resources? People only used to invade other countries because they wanted the land for people to settle on, the riches of the other country, the resources at a preferential deal, or the politicians of the other country to favour them. There are other ways to achieve that today.
Can you think of any other reason why somebody should invade you?
Tweets are public. End of story.
Twitter customers' details aren't, genius.
To have a right to do a thing is not at all the same as to be right in doing it
>hey'll also know the e-mails, passwords, and other information from those accounts.hey'll also know the e-mails, passwords, and other information from those accounts.
And chances are some of those passwords are reused for other websites/emails/services making it easier for some shady US agency to access them.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
My (hypothetical) personal site doesn't "do business" in the EU, but I still have some registered users who live there.
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
this transaction happened in the EU
No, it didn't. It happened in the US. That is where the webserver is, that is where the data is stored.
Twitter does not have a EU subsidiary. Twitter does not have offices in the EU. Twitter is not a registered company in the EU. How is twitter supposed to be bound by EU law again? Sorry, but the EU can go cry themselves to sleep, or build a big internet wall of EU like China if they don't like it.
Look, you are sitting in your room, at your computer. The transaction occurs where you are. Were the servers are located is immaterial.
Were they are located make twitter the subject of this subpoena, true. But were the transaction occurred makes twitter subject to EU law on privacy.
The important point here is that twitter is potentially guilty of something, not the users. If twitter had been selling widgets legal in the US and illegal in the EU, then the buyers would be guilty (and maybe twitter would receive some court order to stop doing business in the EU). Here everything was legit, up to the point were twitter must now decide which law it'll break.
You cannot magically remove right from people just because they are dealing with foreign companies! Privacy is a right EU citizens have, and if a company accepts EU user data, they must abide by those laws. Otherwise, they shouldn't allow access to their service.
Because let's face it, twitter is all fine when it comes to receiving euros for advertising... in exchange from user data.
Sorry, that is not how the law works. Just because you are accessing a server remotely does not make the owner of that server liable to follow any laws where you are located. Eurotrash gets dumber and bolder everyday. Disconnect your internet if you don't like it.
This is exactly how the law works.
A transaction between myself and twitter is a contract. Amongst the things a contract cannot do is deprive me of my rights, even if I wanted it to. If twitter did not want the liability of having EU citizen clients, they should not have entered into the contract in the first place!
Again, this is completely different from someone using twitter in his country to do something illegal there (not twitter's problem). This is the case were twitter does something illegal in the EU _in the EU_ Because their client is a EU citizen located in the EU.
This is like you getting abducted by a Somali in the US to be brought back there, and the pirate telling the US to fuck off, because in Somalia, abduction is legal.
So behave yourselves -- you won't see us coming if we don't want you to...
https://www.nytimes.com/2003/12/02/international/americas/02CANA.html?ex=1070946000&en=37b83e09654ed443&ei=5062&partner=GOOGLE
Non-paywall:
http://forum.grasscity.com/general-marijuana-news-around-world/31035-canada-steers-closer-europe-than-u-s.html
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x248028
"I thought they were the dominant species..."
Twitter nor any of it's servers were ever in the EU, sorry. The EU citizen sent his data to the US. What happens to it once there is not under EU law, sorry.
And no, it's not like getting abducted by a Somali. It's more like ordering something from another country over the phone, then complaining that the company provided your name to their government for import taxes and claiming it's illegal to do so under EU privacy laws. Sorry, your laws don't apply here.
You misunderstand. Internet is not a magical no-law zone.
And no one said that it was.
When twitter opens an account with a EU citizen, this transaction happened in the EU.
For the European, perhaps. Twitter didn't go anywhere. That EU citizen sent a request to a server west of the Rockies.
They are bound, for this account, by EU law.
No, they're not.
Your whole argument is that this is unworkable.
That seems to be an exaggeration of one argument he used.
In fact, it works very well:
In fact, it doesn't. If it did, there would be no Twitter, because Iran, China, and North Korea would kill it.
laws are mostly compatible,
Not at all compatible.
and citizens are mostly allowed to do as they please in the privacy of their own homes.
You know, when you say shit like that “as they please in the privacy of their own homes,” it makes Americans want to free the shit out of you, too. You should do as you please anywhere so long as it does not interfere with another's ability to do as he pleases.
Once in a while, there is some incompatibility, and it needs to get resolved. But the greater point is that you, US citizen, do not lose rights because you use a Chinese website,
That's just a non sequitur. “Lose rights?” You mean like the right to make contracts, to bargain for a service according to mutually beneficial terms? (Like Twitter's supposedly illegal-in-a-foreign-jurisdiction-where-they-have-no-operations terms of service?)
nor does a EU citizen loses his when dealing with twitter.
And no one claimed he does.
This, in turns means that when twitter agreed to provide a service to a EU citizen,
They didn't agree to provide a service to a [sic] EU citizen. They agreed to provide service to a person. They don't ask nationality (and they shouldn't have to and never should).
they also agreed to abide by EU privacy laws.
If someone in Germany calls me on the telephone, am I agreeing to follow German laws? No. Bullshit.
In practice, this is incompatible with US law, because there, citizens have less [sic] rights.
(1) Fewer rights.
(2) Bullshit. In the US, people (not even citizens, immigrants, too) have the right to create companies like Twitter without having to have a dozen lawyers in every country around the world to maintain a 140-character microblogging site.
Again, in practice, this means that twitter ought to have a twitter EU subsidiary which does the data collection and management for EU citizens.
No, it means they shouldn't if they don't want to quintuple their expenses.
And for technical reasons,I also expect them to do that anyway.
If you are a tiny company, this sucks, and you will have to decide which country enforces the stiffest penalty... But again, usually, this poses no problem. And if you cared about the privacy of you users, there would be no data to subpoena anyway.
(1) Without those data, Twitter could not operate. That's like an airplane with no engine.
(2) It was a warrant, not a subpoena. (They wanted data, not testimony.)