Shhh… French Ultimatum Clicking on Google Over "Right to be Forgotten" Ruling

Please check out my two previous columns on this topic – and the latest on the situation from the Bloomberg article below:

Google Faces French Ultimatum Over Right to Be Forgotten

by Stephanie Bodoni
June 12, 2015 — 5:22 PM HKT
Updated on June 12, 2015 — 11:24 PM HKT

Google Inc. risks French fines after being handed a 15-day ultimatum to extend the so-called right to be forgotten to all its websites, including those outside the European Union.

France’s data protection regulator, CNIL, ordered the world’s most-used search engine to proceed with delistings of links across its network, irrespective of the domain name, according to a statement on Friday. CNIL said it received “hundreds of complaints following Google’s refusals.”

The order comes more than a year after a ruling by the EU’s highest court created a right to be forgotten, allowing people to seek the deletion of links on search engines if the information was outdated or irrelevant. The ruling created a furor, with Mountain View, California-based Google appointing a special panel to advise it on implementing the law. The panel opposed applying the ruling beyond EU domains.

If Google “doesn’t comply with the formal notice within the 15 days,” Isabelle Falque-Pierrotin, the president of CNIL “will be in position to nominate a rapporteur to draft a report recommending to the CNIL Select Committee to impose a sanction to the company,” the watchdog said.

“We’ve been working hard to strike the right balance in implementing the European court’s ruling, cooperating closely with data protection authorities,” Al Verney, a spokesman for Google in Brussels, said in an e-mailed statement. “The ruling focused on services directed to European users, and that’s the approach we are taking in complying with it.”

Links Removal

EU data protection chiefs, currently headed by Falque-Pierrotin, last year already urged Google to also remove links, when needed, from .com sites.

Google Chairman Eric Schmidt has argued that the EU court’s ruling in May 2014 — in which it ordered search links tied to individuals cut when those people contend the material is irrelevant or outdated — didn’t need to be extended to the U.S. site.

“It is easy circumventing the right to be forgotten by using the domain Google.com,” said Johannes Caspar, the Hamburg data protection commissioner. “Google should be compliant with the decision and fill the protection gap quickly.”

Google has removed 342,161, or 41.3 percent, of links that it has “fully processed,” according to a report on its website.

‘Right Balance’

The U.K.’s Information Commissioner’s Office said in a statement that its experience with removal requests “suggests that, for the most part, Google are getting the balance right between the protection of the individual’s privacy and the interest of internet users.”

The right-to-be-forgotten rules add to separate demands for curbs on Google’s market power being considered by lawmakers this week. EU antitrust regulators in April escalated their four-year-old probe into Google, sending the company a statement of objections accusing the Internet giant of abusing its dominance of the search-engine market.

The same day, the EU also started a new investigation into Google’s Android mobile-phone software.

Shhh… Emails Reveal Cozy Google-NSA Relationship on Previously Denied High-Level Policy Discussions

Here’s an exclusive story (below) from Al Jazeera neither Google nor the NSA wants you to know.

Email-NSA-Google

Email-NSA-Google2

Email-NSA-Google3

Exclusive: Emails reveal close Google relationship with NSA

National Security Agency head and Internet giant’s executives have coordinated through high-level policy discussions

May 6, 2014 5:00AM ET
by Jason Leopold

Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”

“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.”

The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show “how informal information sharing has been happening within this vacuum where there hasn’t been a known, transparent, concrete, established methodology for getting security information into the right hands.”

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.

Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”

“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”

“BIOS” is an acronym for “basic input/output system,” the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a “BIOS plot” by a “nation-state,” identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.

But some cybersecurity experts questioned the scenario outlined by Plunkett.

“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It”s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”

And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.

“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.

He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”

The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.

Two weeks after the “60 Minutes” broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.

Google’s Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.

“General Keith.. so great to see you.. !” Schmidt wrote. “I’m unlikely to be in California that week so I’m sorry I can’t attend (will be on the east coast). Would love to see you another time. Thank you !” Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.

Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials — no mention of Alexander — were in Silicon Valley “picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.” Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.

A week after the gathering, Dempsey said during a Pentagon press briefing, “I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed — we all agreed on the need to share threat information at network speed.”

Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander’s email, he also could not attend the Aug. 8 briefing in San Jose, and it’s unknown if someone else from Google was sent.

A few months earlier, Alexander had emailed Brin to thank him for Google’s participation in the ESF.

“I see ESF’s work as critical to the nation’s progress against the threat in cyberspace and really appreciate Vint Cerf [Google’s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig’s [lead engineer for Android security] contributions to these efforts during the past year,” Alexander wrote in a Jan. 13, 2012, email.

“You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF’s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF’s efforts have measurable impact.”

A Google representative declined to answer specific questions about Brin’s and Schmidt’s relationship with Alexander or about Google’s work with the government.

“We work really hard to protect our users from cyberattacks, and we always talk to experts — including in the U.S. government — so we stay ahead of the game,” the representative said in a statement to Al Jazeera. “It’s why Sergey attended this NSA conference.”

Brin responded to Alexander the following day even though the head of the NSA didn’t use the appropriate email address when contacting the co-chairman.

“Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],” Brin wrote. “The one your email went to — sergey.brin@google.com — I don’t really check.”

Obama's Still On the Wrong Frequency On Cybersecurity Issues

This is probably the most telling moment of how US President Barack Obama is still on the wrong frequency on cyber matters…

Obama blamed the “impact on their [the tech companies] bottom lines” for the mistrust between the government and Silicon Valley in the aftermath of the Snowden revelations. These were his words, straight from the POTUSA mouth rather than reading from the scripts, in an exclusive interview with Re/code’s Kara Swisher (see video below) following the well publicized cybersecurity summit at Stanford University last Friday, when he signed an executive order to encourage the private sector to share cybersecurity threat information with other companies and the US government.

Contrast that with the high-profile speech by Apple CEO Tim Cook (see video below), who warned about “life and death” and “dire consequences” in sacrificing the right to privacy as technology companies had a duty to protect their customers.

His speech was delivered before Obama’s address to the summit – which the White House organized to foster better cooperation and the sharing of private information with Silicon Valley – best remembered for the absence of leaders from tech giants like Google, Yahoo and Facebook who gave Obama the snub amid growing tensions between Silicon Valley and the Obama administration. Heavyweights whom Obama counted as “my friends” in the Re/code interview (watch closely his expression at the 39th second of the clip above).

The Flawed "Right To Be Forgotten" Ruling on Google Cannot and Should Not be Globalized

A eight-member panel experts tasked to review privacy issues relating to online search giant Google Inc. has rejected late last week attempts by EU privacy watchdogs to extend the “right to be forgotten” ruling beyond the 28-nation bloc – see Bloomberg report below.

The European Court of Justice issued a landmark ruling last May that anyone living in the European Union and Europeans living outside the region could ask search engines like Google to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

I have explained in my column last July that the ruling was Much Ado About Nothing as it amounted to everything but forgotten: what Google essentially did was to remove results from name search of those names approved to be deleted but only on its European websites. The same results remain on the Google US homepage and all its non-European sites. Furthermore, Google is only removing the results but not the links.

Thus no surprise there are now efforts to address these not-so-forgotten issues.

But as I have further pointed out then, the more devastating and often overlooked impact was how any “right to be forgotten” would be a much welcomed and God-sent convenience for “women with a past and men with no future”, essentially amounting to the “right to be defrauded”.

In short, anyone in support and calling to extend the “right to be forgotten” ruling – including the Hong Kong Privacy Commissioner Allen Chiang who erroneously heralded it as a way to grant everyone a “second chance in life” – is not only pulling the plug on the free flow of information but also effectively facilitating the closing down of everyone’s right to information, which would derail the notion of free markets in this global economy if every individuals and entities could so conveniently erase their dirty laundries (like criminal convictions, litigation history, old debts and past bankruptcy records for starters) at the expense of their counter-parties who could no longer trace anything – especially if this ruling was blindly extended and embraced globally.

And I stress once again, the internet, originally designed to exchange raw data between researchers and scientists, has evolved into a self-contained, self-sustained and self-evolving ecosystem of records, communications, commerce, entertainment, etc. Any attempt to remove the contents, successful or otherwise, is like playing God.

Historians will mark the EU ruling as a (irreversible) seismic error. Extending it to a global scale will have no equals in the history of mankind.

Google Panel Opposes EU Data Watchdogs on Forgotten Case

by Stephanie Bodoni

(Bloomberg) — A panel of experts enlisted by Google Inc. to review privacy issues following a European Union court ruling backed the search giant’s bid to limit the “right to be forgotten” to websites within the 28-nation bloc.

The eight-member group, which includes Wikipedia co-founder Jimmy Wales, rejected a push by EU privacy watchdogs to extend search link removals to Google’s global site.

“Delistings applied to the European versions of search will, as a general rule, protect the rights of the data subject adequately in the current state of affairs and technology,” the group said in the 41-page report. “Removal from nationally directed versions of Google’s search services within the EU is the appropriate means to implement the ruling at this stage.”

A ruling by the EU Court of Justice last year created a right to be forgotten, allowing people to seek the deletion of links on search engines if the information was outdated or irrelevant. The ruling created a furor, with Mountain View, California-based Google appointing the panel to advise it on implementing the law.

The geographic scope of an EU court ruling that forced the company last year to remove some search links on request was a “difficult question that arose throughout” the panel’s meetings, the group said.

Today’s report puts the group at odds with the 28-nation EU’s data-protection regulators who last year urged the company to allow people to seek the deletion of links to some personal data on the company’s main U.S. website.

Sabine Leutheusser-Schnarrenberger, a former German justice minister and one of the panel’s member, said that she opposed the majority view of the group on the geographical scope of the EU court ruling.

EU Domains

Removal requests “must not be limited to EU domains,” she said in the report. “The Internet is global, the protection of the user’s rights must also be global. Any circumvention of these rights must be prevented.”

The Google advisory group last year visited seven European cities, from Rome to Berlin, listening to academics and public officials.

“It’s been valuable to hear a wide range of viewpoints in recent months across Europe and we’ll carefully consider this report,” David Drummond, Google’s top lawyer, said in an e-mailed statement. “We’re also looking closely at the guidance given by Europe’s data protection authorities as we continue to work on our compliance with” the EU court ruling.

The company has received 212,109 requests to remove 767,804 links from its website to date, according to its website.

Initial Split

The deletion of links beyond the 28-nation EU was one of two issues that created an initial split between Google and data-protection regulators. Regulators have complained that information blocked on EU websites shouldn’t be easily accessible by visiting Google in other countries by changing a few characters on the browser address line.

The company’s policy of notifying the media about deleted links to stories on their websites also sparked the ire of regulators. The report recommended that search engines “should notify the publishers to the extent allowed by law.”

“In complex cases, it may be appropriate for the search engine to notify the webmaster prior to reaching an actual delisting decision,” the panel said. “If feasible, it would have the effect of providing the search engine additional context about the information at issue and improve accuracy of delisting determinations.”

Europe’s Ruling on Google: Much Ado About Nothing

Forget-me-not

“More than once, I’ve wished my real life had a delete key.” – Harlan Coben, American novelist.

If that sounds familiar, it has now become a reality but with reasons for concern – it has been two months since the controversial European “right to be forgotten” ruling. The irony is that nothing has actually changed fundamentally despite all the subsequent hoo-hah.

Let’s not forget the internet was originally designed to exchange raw data between researchers and scientists. Any attempt to manually and selectively remove the contents, successful or otherwise, is like playing God – much worse when Google decides what to delete.

I have listed an example to illustrate the lessons to be learned and price to be paid – of a somewhat similar attempt and the implications on the society at large.

You can find the entire column here.