Privacy International hat einen offenen Brief an die Mitglieder des Europaparlaments zur aktuellen Sperr-Debatte (#Censilia) geschrieben, der nochmal einige Argumente aus der Datenschutzecke in die Debatte bringt: PI appeals to European Parliament to reconsider blocking measures.
Netzpolitik.org ist unabhängig, werbefrei und fast vollständig durch unsere Leserinnen und Leser finanziert.
„Function creep“: Traditionally, Internet blocking has been done through the fairly unsophisticated method of “DNS blocking”. As blocking is generally symbolic, nobody has ever demanded anything more functional. However, this is likely to change. Once implemented, there is nearly always a function creep, in that the scope of the policy and the technologies will increase over time. The purposes for which blocking will be deployed will grow because it will be simple to add more criteria, once the blocking infrastructure is in place. Similarly, techniques for monitoring transactions will be enhanced because we have breached the principle that communications are sacrosanct. These changes are already happening. Virgin Media in the UK has announced plans for deep packet inspection on a trial basis, for example. Commissioner Malmström acknowledged this point in a newspaper interview in March and raised no particular worries about where this could lead us. It won’t be long before we see calls for other forms of communications tampering.
Privacy enhancing technologies (PETS): Many privacy enhancing technologies such as onion routing, open proxy services and anonymiser services circumvent the blocking techniques that are most commonly used in Europe. We are now in a situation where the Commission supports blocking and supports the use of PETS. In a contest of principles we doubt that the Commission’s resolve on PETs will withstand a blocking assault.
Lack of diligence from the European Commission: There will be a range of important privacy related legislation in coming years (including this proposal), including the revision of the Data Retention Directive. It is essential that a basic level of diligence is demanded from the Commission in order to facilitate the decision-making process and adequately protect fundamental rights. The proposal from the Commission is so fundamentally flawed that it did not even evaluate the impact of blocking in countries where this technology is already in place.
Leaked blocking lists: Blocking lists inevitably leak and have leaked numerous times, in Europe and elsewhere. It is also inevitable that mistakes are made and overblocking will occur where legal sites are put on these lists. One example is the case of a Finnish blocking list that included a website criticising web blocking. Similarly, an Australian doctor was publicly associated with the publication of child abuse material when his website (which was about euthanasia) was on the leaked Australian blocking list.
Browser information: When a user is redirected to a ’stop‘ page (and it must be stressed that the system is being put in place on the assumption that this will stop accidental access), a wide range of data may be collected. If, for example, the user „hits“ the ’stop‘ page after being redirected from a page where s/he filled out a form, all of the form details would be sent to the stop page – this could be the name, address, birthdate or any other information included in the form. If the page in question requires a login and password, as was the case when the Internet Watch Foundation decided to block Wikipedia, the blocking system has access to all usernames, passwords and log-in cookies. Meanwhile, the innocent users of Wikipedia were not even informed that they were being blocked.