INTERNATIONAL FOCUS PROGRAMME ALMANAC 2013-2016
The point of the International Focus Programme is to get all the Local and National Groups of the ELSA Network to start organising events around the same topic; if done properly, this can become a major factor in forming the general opinion and mindset of young lawyers and law students. Most notably, it can help ensure that problematic issues of a certain topic are treated from a legal point of view. ELSA wants to have an impact on students and young lawyers and in society.
2 | International Focus Programme Almanac
ABOUT ELSA
ELSA International Phone: +32 2 646 26 26 Web: www.elsa.org E-mail: elsa@elsa.org
THE ASSOCIATION The European Law Students’ Association, ELSA, is an international, independent, non-political and not-for-profit organisation comprised of and run by and for law students and young lawyers. Founded in 1981 by law students from Austria, Hungary, Poland and West Germany, ELSA is today the world’s largest independent law students’ association.
ELSA Members x 50,000
ELSA Local Groups x 300
ELSA National Groups x 43
OUR SPECIAL STATUS ELSA has gained a special status with several international institutions. In 2000, ELSA was granted Participatory Status with the Council of Europe. ELSA has Consultative Status with several United Nations bodies: UN ECOSOC, UNCITRAL, UNESCO & WIPO.
ELSA International
Human Rights Partner
VISION
"A JUST WORLD IN WHICH THERE IS RESPECT FOR HUMAN DIGNITY AND CULTURAL DIVERSITY"
General Partners
ELSA IS PRESENT IN 43 COUNTRIES Albania, Armenia, Austria, Azerbaijan, Belarus, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Montenegro, the Netherlands, Norway, Poland, Portugal, Republic of Macedonia, Republic of Moldova, Romania, Russia, Serbia, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and the United Kingdom. INTERNATIONAL FOCUS PROGRAMME
LL.M. Partners
English Language Partners
The International Focus Programme, which is also known as IFP, aims at raising awareness of a specific theme for whole ELSA Network over a fixed term. In this way, ELSA creates a forum where law students and young lawyers can combine their efforts, discuss and participate in various activities within a current theme. Likewise, it consolidates work and achievements of all ELSA groups, is reflected in concrete high standard results and gives an opportunity for law students to raise a voice and show up the diversity of their opinions and ideas.
Publication
Contacts
Advertising
Editor-in-chief: Sara Galassini
Email: seminarsconferences@elsa.org
Would you like to advertise your cour-
Design & Layout: Ivan Chopyk
Webpage: elsa.org/international-focus-
ses, services, company or products,
Technical Support: Jerome
programme/
please do not hesitate to contact ELSA
Weinhonig
Facebook: fb.me/elsa.org
International: advertisements@elsa.org
Technical Provider for excellent IT solutions
International Focus Programme Almanac | 3
EDITORIAL
The European Law Students‘ Association (ELSA) is the world’s largest independent law students’ association with more than 50 000 individual members from 43 countries. International Focus Programme is one of the oldest projects of ELSA. Its aim is to provide law students from all over the Europe with an opportunity to work together on a hot legal topic, thus consolidating the work of young European lawyers in practical and theoretical spheres. Topic has to be internationally relevant, have an impact on everyday life and an academic discussion potential. This time ELSA network decided to focus on Media law, an area of law that regulates activities in all sorts and sizes of media communications. Media law is quickly becoming one of the most relevant legal topics, since a worldwide access to internet provides everyone with an opportunity to become a creator of media content. Establishment of a Pan-European common legal framework may be very helpful. Within a three years long timeframe, ELSA succeeded to research various aspects of this legal field and to find many issues that could create a motivation for European legislators to enact relevant laws. The goal of the Almanac is thus to discuss some of the revealed legal problems, to summarize the outcome of the work made by ELSA and to draw conclusions that seek to contribute to the European legal education.
4 | International Focus Programme Almanac
Matej Sadloň Vice President for Seminars & Conferences ELSA International 2015/2016
CONTENTS Academic Vision Hyperlinks to copyrighted content are legal, if both sites grant free access
5
Data Protection Principles and the (Big) Data Challenges in the Light of the New EU Legislation
8
Media Law and International Human Rights The Right to be Forgotten Notes on (freedom of) opinion and expression
15 17 20
Technical-legal analysis of 1995 "Hackers" movie Who is the real black hat hacker and the real criminal: Joey or The Plague ?
23
Internet Control – necessity or obligation?
33 ELSA Network
36
Media Law as a contemporary legal topic and an engaging tool for the ELSA Network
39
Report of the ELSA Delegation to the Council of Europe Conference on ‘Freedom of Expression: still a precondition for democracy?’
49 52 55 57 58 59
LRG on Freedom Of Expression - Protection of Journalistic Sources ELSA Law Schools on Media Law A STEP forward in Media Law Organising the Final Conference on Online Hate Speech Mid-IFP Conference on Freedom of Expression in Zgreb Final IFP Conference on Media Law in Trieste International Focus Programme Almanac | 5
Academic Vision
Hyperlinks to copyrighted content are legal, if both sites grant free access CASE C-466/12 In the judgment of 13 February 2014 the Court of Justice of the European Union has agreed that, providing access to online published press articles through hyperlinks submitted, shall not be considered as a “communication to a public” in Anna Przerwa the meaning of Article 3(1) of Directive legal advisor trainee, the District Chamber of Legal 2001/29/EC of the European ParliAdvisors in Warsaw ament and of the Council of 22 May 2001 on the harmonization of certain aspects of copyrights and related rights in the information society. In case C-466/12, journalists holding copyrights in press articles published in the newspaper and also on the newspaper’s website, brought an action for copyright infringement against a company, which operates a website, providing its users with a list of hyperlinks to articles published online by other websites. The journalists claimed, that the company published their press articles without their authorization, by making them available to the users of that company’s website. Moreover, according to these journalists, those users were not aware, that by clicking on a provided hyperlink or (“click-able link”) they have been redirected to a different website. Therefore, the Svea Court of Appeal (Sweden) has made a request for a preliminary ruling concerning, among other aspects, the interpretation of an act of “communication to the public” in the meaning of Art. 3(1) of Directive 2001/29/ EC respectively to the above mentioned case. WHAT IS AN “ACT OF COMMUNICATION”? Under provision of Article 3(1) of Directive 2001/29/ EC, the “Member States shall provide authors with the exclusive 6 | International Focus Programme Almanac
right to authorize or prohibit any communication to the public of their works (…)” The Svea Court of Appeal asked the Court of Justice of the European Union the question of whether or not placing a hyperlink to protected work by anyone other than the holder of copyright in this work, providing an access to this very protected work through his website, qualifies as an act of “communication to the public” constituted within the meaning of said provision, and therefore if it is a violation of copyrights. In its judgment in case C-466/12, the Court of Justice of the European Union agreed that every act of communication to the public has to be authorized by the holder of the copyright protected work. However, “communication to the public” requires two cumulative criteria: (1) “an act of communication” of a protected work and (2) communication thereof to a “public”. The existence of an “act of communication” must be widely understood. In its previous judgments, the Court of the European Union has also qualified a provision of an access to the broadcast works as an “act of communication”, via television screen and speakers, to the customers present in an on-trade outlet (Joined Cases C-403/08 and C-429/08) and retransmission of the works included in a terrestrial television broadcast (Case C-607/11). The Court of Justice of the European Union agreed that an “act of communication” requires making a protected work available to the public in such way that the users that make up that public have an access to a work, ir-
Academic Vision respective of whether they make a use of that eventual access or not. Therefore, a provision of hyperlinks to protected works shall be equivalent to “making them available” and must be considered as an “act of communication”. HOW LARGE SHALL THE “PUBLIC” BE? In order to consider an “act of communication” of the protected work as copyright infringement in the meaning of the Article 3(1) of the aforementioned Directive, the work has to be presented to a “public”. According to the case-law of the Court of Justice of the European Union, the definition of “public” in Article 3(1) of Directive 2001/29 means an indeterminate number of potential recipients, moreover, a fairly large number of persons (Case C-607/11).
Therefore, the provision of hyperlinks on a website made by a webmaster thereof, is aimed at potential users, that is to say – an indeterminate and fairly large number of recipients, which means that by such actions a webmaster makes “communication to the public”. The “communication to the public” in the meaning of Article 3(1) of Directive 2001/29, furthermore, requires a communication of same works as those covered by the initial publication, communication made by the same technical means and communication directed at new users, not previously taken into account by the holders of copyright in works initially published on basis of their authorization. Therefore, the Court of Justice of the European Union agreed, that by publishing a work on a website without any restrictions of access thereof, all potential Internet users could access those works freely.
In those circumstances, the users, who accessed the press articles through hyperlinks provided by another website, where those press articles have been initially published, must be considered as a part of the potential public targeted by copyright holders when they authorized the initial publication thereof. Consequently, because there is no new public, there is no obligation to obtain an authorization for publication of protected works. Moreover, recipients’ lack of awareness, that by clicking on the provided hyperlink they have been redirected to a different website, has not been considered as significant to the conclusion of the Court. A “PUBLIC” CONSIDERED AS “NEW” In case when the access provided through a hyperlink to a protected work would lead to the circumvention of restrictions of the website, where the initial publication authorized by the copyright holders in those works have been made, all recipients, who accessed such work shall be considered as “new public”. Users who would not be able to access protected works without provision of a hyperlink, have to be understood as a new public, which was not taken into account by the copyright holders at the moment of granting an authorization for initial publication. In those circumstances, a provision of a hyperlink to a work not freely available to all recipients requires an authorization under provision of Article 3(1) of said Directive. CONCLUSIONS According to the analyzed judgment of the Court of Justice of the European Union in case C-466/12, every owner of an Internet site is entitled to provide his users with access to protected works by hyperlinks, if only such protected work has already been authorized to be published online on an “open” internet. Moreover, according to the said judgment, there is not a copyright infringement, even in case, when the user is not aware, that he has been redirected to a different site. Therefore, provision of access to a protected work through a hyperlink on a different website is not considered as a “communication to the public” and does not upset an author’s monopoly on exclusive rights to authorize any communication of their works to the public.
International Focus Programme Almanac | 7
Academic Vision
Data Protection Principles and the (Big) Data Challenges in the Light of the New EU Legislation
Helena Ursic researcher and PhD candidate in the EuDEco project at eLaw, the Center for Law and Digital Technologies at the Faculty of Law of Leiden University
Jenneke Evers PhD candidate in the SCALES project at eLaw, the Center for Law and Digital Technologies at the Faculty of Law of Leiden University
In April 2016 the European Parliament approved the General Data Protection Regulation and two directives concerning data protection in the area of prevention, detection, investigation and prosecution of crime. All three acts seek to regulate personal data use and flows – while the regulation applies to all sectors, the directives only pertain to law enforcement activities. In this contribution we discuss whether the new legislation package is able to face the challenges posed by the rise of big data analytics, an increasingly used type of data use. Drawing on the chosen case studies we focus on two data protection aspects: the principle of purpose limitation and specification and on data subject rights. In the future we foresee two sorts of challenges: on the one hand data processors need to make sure that they correctly implement the purpose limitation principle and are able to do so. On the other hand, data subjects need to be granted clear rights, and need to comprehend and embrace those. Finding the right balance between the great opportunity that big data analytics creates for our economy, health and security, and the danger of deteriorating privacy and data protection for the same reason seems to be the future struggle for big data users in both the commercial and the law enforcement sector. 8 | International Focus Programme Almanac
INTRO: FROM 1995 TO 2016 In April 2016 the European Parliament approved several amendments to the data protection legislation. The first legal act is the General Data Protection Regulation (GDPR)1, which repeals the 1995 Data Protection Directive2 and implements a new, unified regime for data protection in the EU. The former directive’s as well as its successor’s aim is twofold – first they both seek to facilitate data transfers across the European free market zone and second they strive to strengthen individual rights. When the legislative procedure for the GDPR started in 2012, the text already faced criticism that it was outdated by new developments – especially since it will only be applied from May 2018 onwards. One of those new developments is the recent rise in big data analytics3, which is used in the public as well as the private sector – a well-known example is behavioural advertising. At the same plenary session the European MPs also approved the directive regulating the use of personal data for the prevention, investigation, detection or prosecution of criminal offences (LEDP Directive), which repeals the 1 Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 2 Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive). 3 ‘Big data’ has been defined by many in numerous ways. Some authors define big data by its technical aspects, such as the ‘3 V’s’ (Volume, Variety and Velocity), in this contribution we hold a more social conception of big data. Others claim that the era of big data means a paradigm shift, ‘a way of thinking about knowledge through data and a framework for supporting decision making, rationalizing action, and guiding practice’ as Nissenbaum and Barocas describe it (Helen Nissenbaum & Solon Barocas, ‘Big Data’s End Run around Anonymity and Consent’ in Julia Lane et al. (eds), Privacy, Big Data and the Public Good (CUP 2014) 48. In other words, the practice of big data analytics points to linking and analysing (more and messier) data sets with new technologies in order to discover new knowledge in the form of correlations. In this contribution we hold a more social conception of big data and look at the (legal) impact of big data analytics in society.
Academic Vision
Council Framework Decision 2008/977/JHA4. Finally, the Parliament approved the directive regulating the use of Passenger Name Record (PNR) data in the EU for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (PNR Directive)5. The amount of personal data that the PNR directive allows to collect, store and analyse is indeed striking. The data will be stored for 4 to 5 years: 6 months with all personal information immediately available, and the remaining 3.5 to 4.5 years partially ‘masked’, in a depersonalized format that can be still reversed into the original in specific cases. Given this vast amount of personal data intended for further analysis by law enforcement authorities, it does not surprise that the directive has been described as ‘the name of big data surveillance coming to Europe’6. 4 Council Directive (EU) 2016/680 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (Law Enforcement Data Protection Directive). 5 Council Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (Passenger Name Record Directive). 6 Rocco Bellanova, ‘The Discreet Charm of Passenger Data: Big Data Surveillance Coming Home’ (PRIO Blogs, 14 January 2016) <blogs.prio.org/2016/01/the-discreet-charm-of-passenger-data-big-data-surveillance-coming-home> accessed 19 May 2016; European Data Protection Supervisor, ‘Opinion 5/2015: Second Opinion on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’ (24 September 2015).
”
given this vast amount of personal data intended for further analysis by law enforcement authorities, it does not surprise that the directive has been described as ‘the name of big data surveillance coming to Europe’
As shown above, all three acts, the new GDPR, the LEDP Directive and the PNR Directive, aim to regulate big data analytics to some extent, but the question remains whether they are in fact able to face the new challenges posed by big data. In this contribution, we illustrate the matter through two case studies: the use of social media data by the pharmaceutical industry and the use of booking data from airlines by member states for the purposes of law enforcement. Then, we turn to the legal analysis and discuss how data protection principles explicated in the three legal acts function in the big data world. We limit our study to the principle of purpose limitation and specification and to the provisions related to data subject rights.
International Focus Programme Almanac | 9
Academic Vision
CASE STUDY 1: HOW OUR FACEBOOK DATA DRIVE THE INDUSTRIES Real-time information collected from social media is a valuable data source for the several industries. In the pharma sector social media monitoring and analytics has become one of the latest trends. When social media data is combined with historical data obtained by third party vendors and results from clinical trials, it helps scientists identify non-obvious correlations and predict who is at risk of diseases earlier, which may eventually lead the way to a new medicine7. For example, the US developed tool MedWatcher combines social media data, such as social networks’ application program interfaces (APIs), public information and the data generated on online patient forums. By using data mining tools it is able to translate the data, mostly collected as random phrases, into a meaningful language8. In this way Med Watcher leads to improvements in the health sector and help discover much needed medicines. 7 Richard Sloane et al., ‘Social media and pharmacovigilance: A review of the opportunities and challenges’ (2015) 80 (4) British Journal of Clinical Pharmacology 910-920 DOI:10.111/bcp.12717. 8 See the website of Medwatcher <https://medwatcher.org>.
However, not all the uses are socially beneficial. An example would be social media surveillance of someone chatting on social networks about missing work due to migraines and falling behind with mortgage payments as consequence: these facts could be used as dark data for scoring consumers – negatively and out of context – in a variety of ways9. In carrying out their social-media monitoring, data analytics tools manage vast amount of personal data. What is more, most of this data consists of sensitive healthrelated personal information. However, as this data has been publicly disclosed on the social media, under the US legal system their legal obligations are minimum. In addition, ‘unless and until a patient shares user-generated data with a HIPAA-covered entity [which is the case for social media providers, HU], that information is not covered by HIPAA’, as Sarasohn-Kahn notes10. A similar social media monitoring tool is soon to be launched in the EU, where data protection law is considerably stricter11. According to the GDPR social media providers should inform users about sharing the data with third parties and give them rights to control data flows12. However, the new data protection regulation allows for a lenient regime for data processing, which is linked to scientific research in public interest13. Could or/and should social media monitoring also fall under this exception? If not, how could data protection principles remain intact in this data-driven environment?
CASE STUDY 2: PNR Imagine the following: for a much needed vacation you decide to go on a city trip to New York. You book a flight from Amsterdam Schiphol Airport, transfer at London Heathrow, to New York JFK and back. In the booking process you give your full name and address, passport details and contact details. Then, you are asked whether you would like to reserve a seat. Since the airline does not charge for it, you go ahead and book seat 24D from Amsterdam to London, seat 27A from London to New York, seat 22B from New York to London and 9 Jane Sarasohn-Kahn, ‘Here’s Looking at You: How Personal Health Information Is Being Tracked and Used’ (California Healthcare Foundation, 2014) 8. 10 Jane Sarasohn-Kahn, ‘Here’s Looking at You: How Personal Health Information Is Being Tracked and Used’ (California Healthcare Foundation, 2014) 9. 11 First steps to its deployment were made in the course of the WEB-Radr project, launched in 2014 <https://web-radr.eu/>. 12 General Data Protection Regulation, art. 12. 13 General Data Protection Regulation, art. 89.
10 | International Focus Programme Almanac
Academic Vision again 24D from London to Amsterdam. The airline asks whether you would like an extra suitcase, and since the weather is unstable and you decide to stay longer than a week, you book an extra suitcase to fit all your clothes and shoes. You can also reserve special meals, and therefore you reserve a kosher meal to be served between London and New York.
”
the opportunity of big data to come up with new, innovative uses which reach beyond the initially approved purpose of data collection is in conflict with the intention of data protection laws and watchful individuals
What you may not know (unless you are an interested law student) is that the European Parliament approved the Passenger Name Record Directive. According to this directive air carriers are obliged to give their Passenger Name Record (PNR) data from inbound and outbound flights between member states and non-EU states to the so-called Passenger Information Units (PIU).14 PIUs are especially set up by each member state to collect, store and analyse the data. A member state may extend the air carrier’s obligation to communicate PNR data to flights within the EU.15 PNR data concerns any information, from name to seat number, used to process and control the booking.16 In your case, your itinerary, personal details and even your seat and luggage information are given from the airline to the PIU of the United Kingdom – and possibly to the Netherlands if the Netherlands has extended the scope of the directive to EU flights as well. 14 Passenger Name Record Directive, art. 4. 15 Passenger Name Record Directive, art. 2. 16 Passenger Name Record Directive, art. 3(5). For the list of passenger name record data, see Passenger Name Record Directive, Annex I.
The PIUs will analyse the data for the ‘purposes of preventing, detecting, investigating and prosecuting terrorist offences and serious crime’.17 After six months the data is stripped from personal information, and disclosure of the full PNR data is only permitted when it is necessary, on a case-by-case basis, for law enforcement in the areas of terrorism and serious crime and when it is approved by a judicial or other national competent authority.18 The data will be retained for a period of 4 to 5 years. While it is true that this data will be masked out, it will remain identifiable. As the European Data Protection Supervisor (EDPS) notices, the EU legislator has not given sufficient reasons why the data needs to be retained for another 3.5 to 4.5 years.19 With the provision allowing for data processing in a specified, yet relatively open purpose – prevention, detection, investigation, prosecution of terrorism and serious crime – the question arises whether the PNR directive is really in line with the fundamental principles underlying data protection.20 Another question is to what degree passengers are or should be aware of the regular surveillance and whether they are able to exercise any control over their data.
APPLYING DATA PROTECTION PRINCIPLES IN THE BIG DATA ERA In the case studies we can observe two patterns, both related to big data. First, the opportunity of big data to come up with new, innovative uses which reach beyond the initially approved purpose of data collection is in conflict with the intention of data protection laws and watchful individuals. Second, processing data on a large scale behind the scenes, makes it difficult if not impossible for individuals to trace and control data flows.21 The next section explains in more detail why we think these two patterns can be in conflict with the data protection postulates and deserve more attention. 17 Passenger Name Record Directive, art. 1(2). 18 Passenger Name Record Directive, art. 12. 19 European Data Protection Supervisor, ‘Opinion 5/2015: Second Opinion on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’ (24 September 2015) 7. 20 European Data Protection Supervisor, ‘Opinion 5/2015: Second Opinion on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’ (24 September 2015) 11. 21 See on the concept of transparency and the ‘invisible visibility’ of citizens and consumers Esther Keymolen, Onzichtbare Zichtbaarheid. Helmuth Plessner ontmoet profiling (Rotterdam, 2007).
International Focus Programme Almanac | 11
Academic Vision THE PRINCIPLE OF PURPOSE LIMITATION AND SPECIFICATION The principle of purpose limitation set forth in Article 5(b) of the GDPR requires that the data is only used for a purpose compatible with the one for which it was collected. Controllers have to determine the purpose of processing before the processing of data starts.22 Regardless of which type of legal basis has been chosen to justify the processing (be it consent, contract or any other), it will only be valid for this specific purpose. For instance, consent will count as valid only for the cases of data use and reuse, which the controller communicated at the moment of the data collection. In practice, it is unlikely that all possible reuses can be defined or predicted in advance. Admittedly, data reuse can be included in the purposes specified by the data controller by using a broad purpose formulation. Social networks’ data use policies typically lack specificity, both with regard to the data the networks collect as well as with regard to how they use this data. For instance, Facebook’s privacy policy from 2015 only identifies categories of purposes by using vague descriptions such as ‘Provide, Improve and Develop Services’; ‘Promote Safety and Security’, ‘Show and Measure Ads and Services’.23 It is not difficult to see how easy it would be to subsume several secondary data uses under those descriptions, including behavioural advertising and sharing the data with third parties as described in the first case study. However, this can be seen as circumventing the intention of the legislator and processing based on such formulation can be considered illegitimate. Although in the age of big data the principle of purpose limitation is seen as onerous, it is a necessary barrier to excessive data use, profiling and analytics. Careful observance of the purpose limitation has been stressed by the EDPS as one of the key decisions of accountable organizations.24 The GDPR offers a detailed guidance for those that carry out secondary processing of personal data. The judgment on the compatibility of processing should be based 22 Article 29 Data Protection Working Party, ‘Opinion 03/2013 on purpose limitation’ (00569/13/EN WP 203) 15. 23 Brendan van Alsenoy et al., ‘From social media service to advertising network: A critical analysis of Facebook’s Revised Policies and Terms’ (2015) <https://www.law.kuleuven.be/ icri/en/news/item/facebooks-revised-policies-and-terms-v1- 2.pdf>. 24 European Data Protection Supervisor, ‘Opinion 7/2015, Meeting the challenges of big data: A call for transparency, user control, data protection by design and accountability’ (19 November 2014).
12 | International Focus Programme Almanac
on the following criteria: (a) links between the purposes for which the data have been collected and the purposes of the intended further processing; (b) the context in which the data have been collected; (c) the nature of the personal data; (d) the possible consequences of the intended further processing for data subjects; (e) the existence of appropriate safeguards.25 Another form of the compatibility assessment was proposed by Article 29 Data Protection Working Party in the Opinion on purpose limitation. The Party suggests a combination of a formal assessment, focused on the comparison between the purposes provided by the controller and actual data reuse and subjective assessment, focused on the context and the way the purposes can be understood, to determine the compatibility of data reuse.26
”
conveying adequate information to an individual not only indicates fairness of processing, but is also an indispensable source of transparency and individual involvement ... the processing of big data can challenge the reasonable expectations of privacy that data subjects may have
The principle of purpose limitation is also reflected in the LEDP Directive and PNR Directive. Art. 4(1) of the LEDP Directive determines that the personal data must be collected for specified, explicit and legitimate purposes and should be adequate, relevant and not excessive in relation to these purposes. The PNR Directive narrows the purposes for processing 25 Article 29 Data Protection Working Party, ‘Opinion 03/2013 on purpose limitation’ (00569/13/EN WP 203) 15. 26 European Data Protection Supervisor, ‘Opinion 7/2015, Meeting the challenges of big data: A call for transparency, user control, data protection by design and accountability’ (19 November 2014).
Academic Vision PNR data by PIUs in art. 6(2). PIUs may assess passengers in order to identify persons for examining whether they are involved in terrorism or serious crime. Secondly, the PIUs can respond to a request from competent authorities to provide or process PNR data for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime. Finally, PIUs can analyse PNR data to update or create new criteria for the assessment of passengers. An important aspect of the purposes specified in the PNR Directive is the interpretation of ‘terrorist offence’ and ‘serious crime’. At first, the provisions were different, namely for ‘terrorist offence or serious transnational crime’. This resulted in heated discussions, objecting to the directive’s broad scope.27 For example, the MP Jan Albrecht called the directive a ‘grave departure of the constitutional right to innocence’ and ‘an unacceptable paradigm shift’.28 As a result of this wide disapproval, the first proposal by the Commission was rejected by the European Parliament’s Civil Liberties Committee in 2013. The new proposal still met criticism, since the provisions specifying the purpose were not changed. The EDPS expressed that the PNR Directive should include 27 See for example Justine Chauvin, ‘EU-PNR directive: Overlooking EU fundamental rights will not make Europe safer’ (Politheor, 9 January 2016) <politheor.net/eu-pnr-directive-overlooking-eu-fundamental-rights-will-not-make-europe-safer/> accessed 20 May 2016. 28 EurActiv, ‘MEPs reject EU passenger data storage scheme’ (EurActive.com, 24 April 2013) <www.euractiv.com/section/digital/news/meps-reject-eu-passenger-data-storage-scheme/> accessed 20 May 2016.
precisely defined crimes, and that the text should mention that the PNR data could only be used for the purposes mentioned.29 In the final version the PNR Directive only mentions ‘terrorist offences’ and ‘serious crimes’. The latter is in itself a broader provision, but it includes an annex with a list of 26 broadly described categories of offences. It therefore limits the purpose of the PNR Directive, yet many crimes fall under the description. However, a balance has to be found between security and data protection – it may well be that a narrower description would leave the directive unworkable. Nevertheless, since the scope of the directive is broad – namely the processing of every passenger’s data – it is important to delineate the purpose as much as possible, especially since it is a secondary use of the passenger’s data. DATA SUBJECT CONTROL AND THE RIGHT TO INFORMATION The GDPR contains an amended setup of data subject rights. While its predecessor the Data Protection Directive listed the rights under art. 12 and, somehow confusingly, grouped them as rights to access, the regulation takes a much more structured approach. Chapter 2 of the GDPR splits the rights into different groups including 29 European Data Protection Supervisor, ‘Opinion 5/2015 Second Opinion on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’ (24 September 2015) 8.
International Focus Programme Almanac | 13
Academic Vision the right to access, the right to rectification, the right to be forgotten, the right to restriction of processing, data portability and the right to object, starting with the transparency requirement and the right to information. Conveying adequate information to an individual not only indicates fairness of processing, but is also an indispensable source of transparency and individual involvement. As pointed out by the UK Information Commissioner’s Office (ICO), the processing of big data can challenge the reasonable expectations of privacy that data subjects may have.30 An example would be the purchase of health data from a social media provider by a data broker or an insurance firm, as explained in the first case study above. With the modern data mining tools, they are able to extract information that proves very onerous for an individual (and this can even happen without identifying the individual by name). When information on data reuse is absent, a user may not be aware how his data is shared nor may he expect such a trade.31 Only after receiving clear information the data subject is able to invoke his ‘core’ rights such as right to access, erase and object.32 Informing a data subject about data uses restores the balance between the right of the individual to have control over his or her data and the flexibility required for businesses to develop, innovate and make best use of the vast amount of data generated online and offline. A similar situation can be observed in the second case study. The PNR directive recognizes the rights of access, rectification, erasure and restriction and rights to compensation and judicial redress as provided by the LEDP Directive. However, it does not mention the right to information as provided by art. 14 LEDP Directive, although recitals 29 and 37 of the PNR directive mention that ‘Member States should ensure that passengers are provided with accurate information that is easily accessible and easy to understand about the collection of PNR data, their transfer to the PIU and their rights as data subjects’. 30 Information Commissioner’s Office, ‘Big data and data protection’ (2014) <https:// ico.org.uk/media/for-organisations/documents/1541/big-data-and-data-protection.pdf> accessed 20 May 2016. 31 European Data Protection Supervisor, ‘Opinion 7/2015, Meeting the challenges of big data: A call for transparency, user control, data protection by design and accountability’ (19 November 2014). 32 Data Protection Directive, art. 12.
14 | International Focus Programme Almanac
It is unclear why the PNR Directive does not formulate a right to information as such. In the first proposal by the European Commission in 2011 air carriers, agents or ticket sellers were obligated to inform the passengers.33 Yet, in the final version of the PNR Directive this requirement is left out – only when the passenger’s privacy is adversely affected the passenger is informed.34 It is therefore difficult for passengers to invoke their rights as data subjects, since adequate information is a precondition for data subject control. Since the PIUs collect every passenger’s data, it is especially important that the conditions under which the passengers are informed are evident. After all, no passenger can opt out, unless they choose to stay where they are.
CONCLUSION Many renowned academics have questioned the validity of data protection principles in the big data era. The recently approved legislative package, which we described above, oppose those doubts and indicates that the EU legislator stands behind the idea of the principle of purpose limitation and data subject rights. However, this is not to say that we should expect no struggles in the future. On the contrary, we think that more academic and practical discussion will be needed to find the right approach to apply data protection rules to big data analytics and related practices. As illustrated by the case studies, we foresee two types of challenges: on the one hand data processors will need to make sure that they correctly implement the purpose limitation principle, and are able to do so. On the other hand, data subjects need to be provided with sufficiently clear information since that is a precondition for other rights. Moreover, data subjects need to comprehend and embrace those rights granted by law. Finding the right balance between the great opportunity that big data analytics creates for our economy, health and security, and the deterioration of personal privacy and data protection for the same reason seems to be the future challenge for big data users in both, the commercial and the law enforcement sector. 33 Commission, ‘Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’, COM (2011) 32 final 2011/0023 (COD) C7-0039/11, art. 11(5). 34 Commission, ‘Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’, COM (2011) 32 final 2011/0023 (COD) C7-0039/11, art. 13(8).
Academic Vision
Media Law and International Human Rights
Jessica Allen President, ELSA Nottingham 2015-2017 Vice President for Academic Activities, ELSA United Kingdom 20162017
Which contemporary international human rights issue resonates the most with you? For me, as the author of this article, it’s the freedom of expression. As highlighted by Geoffrey Robertson QC in his critically acclaimed history of human rights law, Crimes Against Humanity, freedom of expression ought to be considered as pivotal a right as ‘international attention and action against human rights abuses cannot be aroused without it.’1
ELSA delegations are unique experiences, which offer members the opportunity to represent the association during conferences or council sessions organised by core international organisations. Those selected are invited to sit as delegates alongside both national delegates and representatives of renowned NGOs, and, in attending, are given the chance to witness how decision and policy making works in an international environment. Through this, perhaps most importantly, students are enabled and encouraged to develop their understanding of current issues arising around the world. In July 2014, I was incredibly fortunate to be selected by ELSA International to attend a delegation to the United Nations Human Rights Council (UNHRC) in Geneva that September. I had applied to this delegation in particular as, lacking the credits to choose optional law modules, I felt the scheme would introduce me to international human rights law. Together with four delegates from France, Austria, Ro1 Robertson, G, Crimes Against Humanity (4th Edn, The New Press, New York 2013) 140.
mania and Greece, I was given free rein to attend any event that piqued my interest, made easier by the variety of niche panel discussions and informal consultations taking place. Side events organised by non-governmental organisations (NGOs) were ongoing throughout the week, centred predominantly on three key victims of contemporary international human rights violations: children, journalists, and both religious and sexual minority groups. It was after attending various panel discussion on the topic that I realised my focus had naturally honed in on the need to end impunity against journalists. Article 19 of the Universal Declaration of Human Rights and of the International Covenant on Civil and Political Rights states in subsection 2 that: “Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.” Following the news of the brutal beheading of an Israeli-American journalist, Stephen Sotloff, by Islamic State militants in Syria, it had become evident that this right was being consistently violated and was unsurprisingly afforded significant attention by the UNHRC; indeed it was at this very session of the UNHRC that Resolution A/HRC/27/L.7 on the Safety of Journalists was passed. Moreover, NGOs such as ‘Article 19’ (deriving its name from the declaration) were proactively leading a number of panel events highlighting the dangers of foreign journalism and it was a key theme of the annual Geneva Peace Talks. The impetus behind such focus was eloquently highlighted at the UNHRC by Dunja MijaInternational Focus Programme Almanac | 15
Academic Vision tović, a representative for the Organisation for Security and Cooperation in Europe (OSCE): “attacks deter and sometimes prevent journalists from exercising their right to seek and disseminate information and deprive all of us of the right to know and to access information.” The targeting of journalists is thus not only an infringement of the victims’ human rights but those of society as well. The issue is unquestionably in serious need of redress, as discussed in an article I wrote for the UK Human Rights Blog upon my return titled ‘Journalists’ Safety and the UN’. Unfortunately, since my attendance to the UNHRC, further attacks have been made on journalists and the freedom of expression. The most infamous of these reason attacks is arguably the Charlie Hebdo shootings which happened on 7th January 2015 in Paris, France. On that morning, two brothers forced their way into the offices of the French satirical weekly newspaper and killed 11 people, with 11 others left injured. Al-Qaeda in the Arabian Peninsula (AQAP) openly claimed responsibility for the attack, and claimed that the motivation was to preserve the sanctity of the Islamic prophet Mohammed after Charlie Hebdo published an edition with a controversial depiction of him. However, contrary to their intention to weaken the magazine and media, this resulted in a mass display of moving solidarity; of national and international unity which personified the French national motto of liberté, égalité, fraternité. More than 40 world leaders and two million citizens met in Paris less than a week later, whilst other local communities throughout the world organised similar demonstrations. The phrase ‘Je Suis Charlie’ became a slogan for the movement and pencils were raised to the air as a sign that the freedom of expression is not so easily subdued. Whilst the event directly undermines the envisioned impact of Resolution A/HRC/27/L.7, it was perhaps the first occasion where a violation of the freedom expression had avoided the unintended and previously inevitable personal16 | International Focus Programme Almanac
isation of the issue; that is to say that, as well as mourning those individuals who lost their lives, the shootings were rightly recognised by world leaders and citizens as a wider attack on the freedom of expression itself. Over nine months later, in October 2015, the Council of Europe addressed this issue in Strasbourg by hosting a conference on ‘Freedom of expression: still a precondition for democracy?’ As a law student on exchange to Université Toulouse Capitole 1 in France already, I elected to apply for a further delegation to this conference given I have developed a particular research interest in this area. With unprecedented luck, I was delighted to discover that I would have the pleasure of representing ELSA for a second time with members from Greece, Ireland, Spain and Italy. More importantly, though, I felt incredibly fortunate to have been given an invaluable opportunity to further understand the complexities of the international human rights law surrounding this issue in this area and to follow significant legal developments in real time.
Academic Vision
The Right to be Forgotten
We live in a digital age where everything is recorded and often without the consent of people. Big Internet services in the world such as Google and Yahoo have about 10 billion searches every month.1 They know every minute of the online behavior of the Internet users. EvStavroula Chaloulou erything is recorded, for example LL.M. Graduate, Georg August Unversity of the photos we post on Facebook, Göttingen the preference by pressing Like on Facebook, which exact websites we search every time. For that reason it is expressed that “you are what Google says you are”. This is because all personal information will be displayed as a life sketch when entering someone’s name in a Google Search.2 In view of these problems, the need for one solution to the problem of a constant availability of personal information, and in a time of unbearable memory, the right of a person to forget his digital past lead to the establishing of the right to be forgotten. In the following, it this right will be presented, what it means, what exactly it is based on in terms of European legislation, and at the end there will be a practical part in which one can see how exactly this right works and what can be done about it. THE CAUSATION OF THE RIGHT TO BE FORGOTTEN How did the conversation of the right to be Forgotten start? That is the question that someone could think. Mayer-Schönberger, Delete die Tugend des Vergessens in digitalen Zeit, 2010, S.17. 2 Angelo, You Are What Google Says You Are, Wired, Nov.2,2009, in : http://www.wired.com/business/2009/02/you are-what-go/ . 1
Why, in the last two years everyone read about this right. The cause was the action of Mario Costeja to the Spanish judgment and then to the European Court. Costeja found that by writing his name in the Google search engine, in the results appeared one inclusion in one newspaper of 1998 relating to his property, which was going to be auctioned off due to debts of his pension funds. The Google bots, which constantly scan the Internet for new information, had identified the registration when the archive of the newspaper was digitalized. Costeja then asked Google to remove the link arguing that the debt had long been paid, and in this way this information defamed him. The case was referred to the Court, who ruled in favor of the right for people to ask from the search machines that they were to remove concrete results for queries that included their name and the protection of privacy precedes the right of information.3 THE INTRODUCTION OF THE RIGHT TO BE FORGOTTEN TO THE NEW DATA PROTECTION REGULATION On 25.01.2012 the European Commission produced the new draft of the Regulation about Data Protection, which was an amendment of Directive 95/46 EC.4 The right to be Forgotten is included in Article 17 of the Regulation and especially in the first paragraph the conditions of the right are referred. In particular, the right can be exercised when (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based ac3 4
European Court of Justice, C-131/12. KOM (2012), 11. International Focus Programme Almanac | 17
Academic Vision cording to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data; (c) the data subject objects to the processing of personal data pursuant to Article 19; (d) the processing of the data does not comply with this Regulation for other reasons. THE SEEKAREA The right to be forgotten includes personal data, it has agency and receiver, and it is linked to the timing and subject to some restrictions. All of these topics will be discussed in the following. PERSONAL DATA The right to be forgotten refers only to personal data. Personal data are in accordance with the jurisprudence of the ECtHR data relating to a natural person. They include not only conventional data such as name or address, but also for instance video data or genetic characteristics. Thus one can say that the personal data on the identity of a person enlighten. 5
5
Ehmann/Helfrich, Kommentar zur DSRL, 1999, Art.2 Rn 17.
18 | International Focus Programme Almanac
FACTOR OF TIME The right to forget is related to a time. The Court relied on Article 6 § 1 c-e of Directive 95/46 / EC after. “[If], no longer are the data for the purposes for which they have been collected or processed required. This is especially the case if they do not comply with these purposes in view of the time elapsed, it is not or are no longer relevant or go beyond it.” 6 The deletion of data may be required only after the lapse of time. As asserted by the court, to remove the data from the search engine providers is only necessary, but not in the fact that the storage of personal information has led to a loss.7 THE RESPONSIBLE BODY OF THE RIGHT By the term of proposals from the Regulation the responsible of the right is the person who can be assigned to the data. That is, the natural person whose identity is known or referred to in Article 4.1. can be found out. 6 7
EuGH, Urteil vom 13.05.2014, JZ 2014, 1009, 1016, Rn 93. EuGH, Urteil vom 13.05.2014, JZ 2014, 1009, 1016, Rn 97.
Academic Vision THE RECEIVER OF THE RIGHT
ONLINE FORMA
The receiver of the right is the responsible of data processing. From this person the person concerned with personal data cannot only demand its deletion but also the non-processing. The proposal of the Regulation, includes the similar term about those who are responsible for data processing as defined in Directive 95/46 / EC formulated. Article 4.5 of the proposal reads: “for processing is responsible, the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes, conditions and means of the processing of personal data; are the purposes, conditions and means of the processing of personal data by national or Union law specified, the data controller or the details of its designation to be determined by national law or Union law.”
As first step someone has to fill this form.8
RESTRICTIONS As fundamental right falls also the right to be forgotten under some restrictions under Article 52 para. 1 Charter of Fundamental Rights. In particular: any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognized by the Union or the need to protect the rights and freedoms of others.
”
the need of one solution to the problem of the constant availability of personal information ... led to the establishment of the right to be forgotten
Then when this form is submitted it is sent the following answer: Hi, Thanks for reaching out to us! We have received your legal request. We are currently building our system for removing links from our search results according to EU data protection law. In the meantime, your message is in our queue. Once we have our system up and running, we’ll process your request as quickly as our workload permits. Regards, The Google Team.9 EPILOGUE The Right to be Forgotten is one the most important steps in the part of Data Protection. Of course the big Internet companies like Google are opposed to this right because that means that it will exist a limit to the post and also it demands a spending of time and a specialized group to handle this. It could be said that the freedom of information is also an important and fundamental right but there is however one more basic right, the right to privacy. Because of this conflict each case should be treated individually and it should be suitable to the balance of the rights. https://support.google.com/legal/contact/lr_eudpa?product=websearch&hl=de. 9 http://searchengineland.com/google-right-to-be-forgotten-form-192837 8
International Focus Programme Almanac | 19
Academic Vision
Notes on (freedom of) opinion and expression
In this paper I want to focus on freedom of opinion and expression, in order to outline some elements that I consider basic about the so-called Network Society, which has its own basis on the idea of digital panopticon. You may wonder: how can you move from analysing of the freedoms (of Fabio Corigliano opinion and expression) to the repPhD student in Law, resentation of a non-free society, a University of Padua, Italy panoptic society? How can you draw a line leading from the claim of elementary faculty to substantial auto compression of them through a kind of everlasting tendency to voluntary servitude - to use the term of Etienne de La Boètie?? I’m not able to tell you if I can give an answer to these questions, but at least I’ll try, because I am convinced that your idea of studying Media Law, in your most recent researches, is absolutely encouraging: Media law in fact, philosophically speaking, is the general law, the principle, the foundation, the fundamental structure of the law - understood as a relation of human beings – in the internet era. Studying the fundamental structure, which as you say rightly, has strong implications in the ways of democratic life (or at least in the normal ways of democratic life), means trying to understand our present avoiding the enslavement to that fundamental structure, which, this can be said right away, possesses such a magnetic power (an electromagnetism, we may say jokingly). This is what might be called its totalitarian aspect, the aspect that is causing the total mobilization (in the sense of German totale Mobilmachung), which, with all due respects to Maurizio Ferraris, is absolutely definable as a spiritual trend that our time, our era, has led to the extreme consequences, deriving its assumptions by the ways of being of modern politics - and therefore of modern thought. 20 | International Focus Programme Almanac
In this sense, in the sense of deriving this spiritual trend of modern foundation of politics and law, we should start with the analysis of freedom of opinion and expression. The first problem we encounter is definitional. In fact, since there is obviously a close analogy between freedom of opinion and freedom of thought, freedom of expression and freedom of speech, it is not clear why the various terms are so chaotically formulated in constitutional documents that have introduced the topic in the modern era. In fact the common parentage of those rights of freedom (opinion, thought, expression, speech and expression of thought) with freedom of religion, for example, according to Ruffini is the demonstration of the common grammar of any right of freedom (probably referring almost exclusively to the grammar of the first generation rights as freedom-from rights), it should be noted that only some constitutional documents refer to freedom of expression, while in other texts you can find the expression freedom of opinion, free speech or freedom of the press. Then, what is the difference between these forms of freedom? And above all, does it make sense to draw a distinction, since, according to positivistic conception of law, human rights must be protected and not founded or justified (Bobbio)? Let’s take a look at the provisions of one of the basic texts on the subject of freedoms and rights, which continues to pose questions which could be called unsolvable as the eternal dilemma of human freedom: I refer to the Universal Declaration of Human Rights of 1948. The Universal Declaration provides in Article 18 that “everyone has the right to freedom of thought, conscience and religion” – so, opinion? - and also the freedom to change his religion or belief, but everyone has also the
Academic Vision “freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and in observance”, with which is possible to separate thought and conscience of religion, creating a sort of double track which also could be theologically justified: it is necessary to separate what is connected by a truthful system such as religious tension, as what instead it has an uncertain look, as thought and therefore precisely the opinion. It is not clear why the same article refers to freedom of expression of religion and the “belief ” but not to freedom of expression – even if it’s not clear the separation between religion and “belief ”: so, what is a “belief ”? We can also observe that at the present the supposed absolute freedom of expression, either alone or in community with others (and teaching of their faith or religion) would seem absolutely impossible. You can simply consider the debate following the tragedy of Charlie Hebdo. Let’s also think of the ever-present discussion on freedom of expression of an undemocratic thought (in this sense, just think of the fruitful opposing analysis of Esposito and Paladin in Italian public law doctrine). So, article 19, would seem to completely resolve any hermeneutical problem: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers”. But in fact, compared to the article 18 it could raise some doubt: opinion and expression are two distinct elements? And above all, are they distinguishable from thought and conscience? What would be the distinguishing criterion? Article 18 refers to the matter with content truthful (the Kantian reason, in short, distinct from the Kantian intellect) while Article 19 refers exclusively to doxa, the opinion, the belief in the Platonic sense, as to what need not be based on statements of truthful character? Associating the assumption of departure of Harry Wellington, who in 1979 questioned whether to venture out in the analysis of freedom of expression, the reason I do so is not so much exegetical (as it might seem from the first paragraphs of this report), but has to do with something that I consider important in the reflection on contemporary forms of manifestation/representation (in the sense of German Darstellung).
”
if this is the view of individualism that has formed the backbone of the whole movement for human rights in modern times, what about the expression in the era of the inversion, the inversion between the communication systems as an apparatus available to man, to man as subordinate to the needs of communication (and recording) systems? International Focus Programme Almanac | 21
Academic Vision Let’s start - and end - by the terms. Opinion, you know, is the Platonic doxa. Platonic doxa is the opinion of the “inhabitants” of Plato’s Cave, who have no direct experience of the facts, but only indirect experience, reflected by the appearance of the things that become shadows on the cave wall to the inside of which they are locked. The meaning is clear: there are various modes of knowledge, among which the poorer, the lower, is precisely that of the inhabitants of the cave, which means those who are imprisoned by their own prejudices and have only a distant idea of what happens in the world, prefer to rely on feelings and on appearances rather than on the knowledge of the things themselves, while the highest point of knowledge is made of that kind of knowledge - available only by/for a few men - which consists of an “immersion” in the light of ideas, which are the Truth. The opinion (doxa) then, it is really the lowest and coarse mode of knowledge (Plato would say even “despicable”, because it does not denote courage or bravery or tendency to freedom). Freedom of opinion is therefore the freedom to wander around in the maze of appearance, freedom to live unconsciously in the shadow of light, the shadows of true life. Try to think of our current “Selfies society” and our lives on social networks, which could be equated with Plato’s Cave: what is the sense of freedom of opinion in relation to Facebook? Does it correspond to the freedom to say what you want in an actual context in which decisions are not taken? Does it corresponds to free themselves of the rough ideas based on urges chosen by others, in the darkness of a knowledge not true of things and people, as happened in Plato’s Cave? The point is: if this is the view of individualism that has formed the backbone of the whole movement for human rights in modern times, what about the expression in the era of the inversion, the inversion between the communication systems as an apparatus available to man, to man as subordinate to the needs of communication (and recording) systems (the apparatus, or, in the terms of Martin Heidegger, the Ge-Stell)? That is, since it is currently the man to be subject to tools for expression, and not the other, and then place that freedom of expression could overlap with the freedom to use those tools without being used, what about freedom of opinion? What is the semantic and political opinion extension? Through it all, to understand the link between opinion 22 | International Focus Programme Almanac
and expression at the time of social networks, we must start from the idea that in the network society, “networks constitute the new social morphology of our societies and the diffusion of networking logic modifies the operation and outcomes in the processes of production, experience, power and culture. While the networking form of social organization has existed in other times and spaces, the new information technology paradigm provides the basis for its pervasive expansion throughout the entire social structure” (Castells). There is a social structure of new type, in which the expression occurs, the expression of opinions. Now, in a context in which, in the words of Bauman, there is a total cut off between the individual and society, how can one express a subject, a man who, forced to make a life characterized by the sharing of opinions in the Platonic sense, must try to manifest his freedom of expression, where each system is currently set up to let him looks pretty rock him do it in the impressions and appearances (and not in the truth) in order to extort more and more controlled by expressions by panoptic devices in use in the digital society? What is the real link between opinion and expression in the era of controlled expressions of opinions? Social networks have certainly transformed human relationships, and the space that ensued corresponds to an “externalization of thought” can realize the externalization initially produced by the appearance of the mass media: the so-called network society accentuates the fragmentation, and fragmentation of communications and relations (and therefore of the public space, in the sense of de-medialization). The space that results is neutral: everything has the same value because nothing has value. Everything is reproducible and nothing is questionable, everything is conceivable and nothing is ascertainable. What I would like to say, finally, is that is that the representative of the political mode, the mode through which each subject sees and frames the facts of life in order to situate them within what could be described as the public sphere, in the era of virtual reality, is strongly placed in crisis. The task of philosophy, or better, one of the greatest tasks of philosophy today is precisely to draw a dividing line to place the (uncontrollable) doxai raging in the space of relations in a theory able to save in the same time human spontaneity of life but also the necessary preparation for a serious analysis of human action, able to avoid what atrophies the possibilities for participation in democratic life in favour of a new and uncontrollable tendency to voluntary servitude.
Academic Vision
Technical-legal analysis of 1995 "Hackers" movie
Who is the real black hat hacker and the real criminal : Joey or The Plague?
The aim of this article is to watch the 1995 “Hackers” movie through two prisms: on one hand, a technical IT one, on the other hand, a legal one. This double readings is focused on main cyberattacks committed by a representative of each Sarah Markiewicz team which oppose in the movie: PhD student, Joey, for the teenager IT gang, and Centre de Recherche en Droit Public (CRDP), University of The Plague, for the Ellingson IT Montreal company. The objective of this article is to determine who is the bad guy regarding to technical IT aspects and legal aspects. The formers pay attention to how each representative and his acts are called in the hackers’ community. The latters require to use criminal law and above all, cybercriminal law, to give a legal translation of these cyberattacks
because in the IT world, cyberattacks are a form of cybercriminality.
INTRODUCTION In the 1995 “Hackers” movie1, Joey and his friends belonged to a young IT community. They do not have a political motivation for using their IT background, they actually pursue the aim of testing their IT skills2 by hacking attempts. Joey wants to get his friends’ respect and esteem so, he will show them what he is able to do with his IT skills. First of all, we are going to analyse the facts according to a technical perspective (I) before drawing a parallel with their legal interpretation (II).
1 <https://www.youtube.com/watch?v=QysUfzuVl-Q> accessed 23 July 2015. 2 <https://en.wikipedia.org/wiki/Hackers_(film)> accessed 8 June 2016.
International Focus Programme Almanac | 23
Academic Vision
I TECHNICAL FACTUAL ANALYSIS OF THE CASE STUDY In this case study, we have two main IT actors: the young teenager who is fond of Information Technology (A/) and the IT security officer who has a current legal task of monitoring the activity in the Ellingson company computer system and he has to fight against every external cyberattack (B/). We are about to qualify under the common IT definitions: them (1.) and their actions (2. & 3.). A/ JOEY’S BEHAVIOUR TECHNICAL ANALYSIS Joey tried to demonstrate his abilities in IT by entering the Ellingson supercomputer system named “The Gibson” and obtaining some data from it. We have to determine his status based on his technical qualification (1.) and qualify both of his two acts: entry into the system (2.) and collection of data (3.).
In the movie, Joey can be considered as just a “baby hacker” because his main goal is to be admitted by his peers as a talented hacker3 and not to understand how technically it works as a real hacker does in order to learn and improve his IT skills by his own4. Based on his knowledge in IT, it can be argued that he is a mere “scriptkiddy”, using ready-to-use software without anticipating their technical impacts5. The word “script” refers to the scripts created by other hackers and used by the novice hacker6 because he is not able to write it by his own7. In addition, “script-kiddies”, as beginners, are used to leaving evidence of their IT prowess such as IP address, … without knowing or thinking to clean their “e-prints” behind them8 which permits The Plague to know who tried to download the files. Their prowess does not go unnoticed because their actions are not methodic but gross9 such as a warning by breaking the Gibson firewall10.
1. Joey’s status Generally speaking, a hacker, often called “geek” by the society, is viewed as someone who uses his IT skills to test the computer system protection, overall, from big companies.
In another part of the movie, Joey revealed to his team that he hacked an ATM in a street which delivered bank notes for free but he did not plan to ask someone to be in front of the ATM to take them because his main goal is to manage to do so technically without any anticipation or consideration to the indirect effects11.
”
2. Joey’s entry into the Gibson We face to a sort of computer attack, often called “hacking” in programming, because it consists of breaking into a computer system12 due to the fact that the hacker does not have any authorisation, so, it is entering a computer system without any authorisation13. In this case, Joey attacked the Gibson, the Ellingson company supercomputer, from his own personal computer, that
in the movie, Joey can be considered as just a “baby hacker” because his main goal is to be admitted by his peers as a talented hacker and not to understand how technically it works as a real hacker does in order to learn and improve his IT skills by his own
24 | International Focus Programme Almanac
3 <http://www.computerhope.com/jargon/s/scriptki.htm> accessed 8 June 2016, <http://www.pctools.com/security-news/script-kiddie/> accessed 8 June 2016. 4 <https://securiteinformartique.wordpress.com/2011/11/12/les-types-de-piratage/> accessed 6 June 2016, <https://www.techopedia.com/definition/4090/script-kiddie> accessed 8 June 2016, http://security.stackexchange.com/questions/34400/what-is-the-distinguishing-point-between-a-script-kiddie-and-a-hacker accessed 8 June 2016, <http://www. pctools.com/security-news/script-kiddie/> accessed 8 June 2016. 5 <http://www.computerhope.com/jargon/s/scriptki.htm> accessed 8 June 2016. 6 ibid [3]. 7 <https://fr.wikipedia.org/wiki/Script_kiddie> accessed 8 June 2016, <http://www. computerhope.com/jargon/s/scriptki.htm> accessed 8 June 2016, <http://www.pctools. com/security-news/script-kiddie/> accessed 8 June 2016. 8 <https://www.techopedia.com/definition/4090/script-kiddie> accessed 8 June 2016. 9 <http://security.stackexchange.com/questions/34400/what-is-the-distinguishing-point-between-a-script-kiddie-and-a-hacker> accessed 8 June 2016. 10 ibid [2]. 11 ibid [2]. 12 ibid [3], <https://www.techopedia.com/definition/27859/hack-development> accessed 9 June 2016. 13 <https://securiteinformartique.wordpress.com/2011/11/12/les-types-de-piratage/> accessed 6 June 2016.
Academic Vision
means it is a direct cyberattack, process mainly used by the script-kiddies14. This type of cyberattacks gives the opportunity to come back to the cyberattack origin : the so-called hacker computer15 because he did not make a point of cleaning his e-footsteps online thanks to a Virtual Private Network, for example. That is why, when he entered the Ellingson system by breaking its firewall, a warning was sent to the IT department employee who informed the IT security officer : The Plague16. Because of this alert and his activity in the Gibson, the IT employee and security officer managed to track online Joey17.
3. Joey’s data collection from the Gibson To show his computer attack had worked, Joey needed to bring a proof and he copied on a floppy disk18 the four files contained in the Gibson garbage folder. In IT terms, this copy is called a “backup”. A back-up consists of copying data in case of file destruction or alteration19. 14 <https://www.securiteinfo.com/attaques/hacking/typesattaques.shtml> accessed 6 June 2016. 15 ibid. 16 ibid [2]. 17 ibid. 18 Ibid, ibid [3]. 19 <https://www.techopedia.com/definition/6122/backup-copy> accessed 9 June 2016, <https://www.techopedia.com/definition/1056/backup> accessed 9 June 2016, <http://
As Joey did it just for a temporary purpose, a proof of his computer attack, we can establish it is just a data retention containing e-records and not a long-term data storage containing potential archives. According to Dr. Filippo Novario, it seems to be more a “retention” than a “storage” 20 because Joey hid the floppy disk in the vent pipe of his bedroom21. In this case, we talk about a physical copy but due to a physical disconnection, his computer was unplugged without switching off it, during the downloading process, he got just a fragmented folder22.
SUBTRANSITION By copying the garbage files, Joey got a computer virus. When he was in trouble with the police and justice entities23, his friends reached to the conclusion that the computer virus led to a computer worm. The question is now: “Who is at the origin of this computer worm?”
www.computerhope.com/jargon/b/backup.htm> accessed 9 June 2016. 20 talk of Dr. Filippo Novario – ELSA Pisa Summer School on Cyber & Law (23/07/2015) 21 ibid [2]. 22 ibid, ibid [3]. 23 ibid [3].
International Focus Programme Almanac | 25
Academic Vision
B/ THE PLAGUE’S BEHAVIOUR TECHNICAL ANALYSIS The Plague, despite his function as Ellingson IT security officer, he is a previous hacker24, that leads to a question about his real position (1.). His past came back on the foreground because he created a computer virus discovered by Joey (2.) and implemented a computer worm in the Ellingson computer system to remove money from his company bank account (3.). 1. The Plague’s status In the light of the previous explanation about a hacker, we have to distinguish Joey’s hacker category from The Plague’s hacker category. The hacker creates IT tools, programs whereas the cracker breaks them25. The cracker does it by personal interest26 and not by passion for IT as a real hacker would do27. This personal interest is 24 ibid [3]. 25 <http://www.pctools.com/security-news/crackers-and-hackers/> accessed 8 June 2016. 26 <http://security.stackexchange.com/questions/34400/what-is-the-distinguishing-point-between-a-script-kiddie-and-a-hacker> accessed 8 June 2016. 27 <https://securiteinformartique.wordpress.com/2011/11/12/les-types-de-piratage/> accessed 6 June 2016.
26 | International Focus Programme Almanac
driven by dishonest intent such as a financial profit : criminal purpose28, like here. The Plague is more viewed as a cracker because his objective is to get money from his computer attack29: making regular bank transfers from the Ellingson bank account to his own account.
2. The Plague’s computer virus creation A computer virus is one type of malwares30. A malware is a malicious software developed in order to cause some damages to a computer system and by extension, to the computer system’s data: stealing data, adding unwanted programs, changing settings in absolute discretion without letting the target know about it31. 28 ibid [26], <https://www.techopedia.com/definition/10257/cracker> accessed 8 June 2016. 29 ibid [2]. 30 <https://www.techopedia.com/definition/55/file-infecting-virus> accessed 9 June 2016, <https://www.techopedia.com/definition/4015/malicious-software-malware> accessed 9 June 2016, <http://www.pctools.com/security-news/what-is-malware/> accessed 9 June 2016. 31 <https://www.techopedia.com/definition/4015/malicious-software-malware> accessed 9 June 2016, <http://www.pctools.com/security-news/what-is-malware/> accessed 9 June 2016, <http://www.computerhope.com/jargon/m/malware.htm> accessed 9 June 2016.
Academic Vision A computer virus is more precisely a computer program created so as to affect other computers; in the IT world, it is named “file-infected virus” 32. It inserts an infected code in a legitimate executable file33, called “host file”34, which is often a perished or sleepy file to hide the abnormal activity without warning the CEO35. Actually, the computer virus code was inserted into the garbage files, which play the role of host files36, which are, in fact, sleepy files because people do not open the garbage except for restoring a previous file, sent by accident or not, to the garbage. Contrary to a computer worm, a computer virus needs the human intervention to get its widespread effect by infecting other machines37, such as executing the computer program38. When Joey opened the infected files in the garbage, he saw mathematical formulas, which can represent the computer virus being loading and running39. Furthermore, leaving a computer virus is well-known as a typical cracker’s IT action40.
3. The Plague’s computer worm implementation A computer worm is also a malware41. A computer worm is defines as an autonomous computer program which can duplicate by itself, without any trigger event, and have a massive impact by manipulating data, for example42. In the case study, The Plague used the salami tactic, which emerged during the Second World War43 and consists of acting by steps, by layers at a small but regular basis and not through a huge and massive attack44. The salami tactic applied to earn money, called “penny shaving45”, can be stealing 1 cent per bank account per day could 32 <https://www.techopedia.com/definition/55/file-infecting-virus> (accessed 9 June 2016). 33 ibid, <https://en.wikipedia.org/wiki/Cyber-attack> accessed 9 June 2016, <http:// www.pctools.com/security-news/what-do-computer-viruses-do/> accessed 9 June 2016. 34 <http://www.pctools.com/security-news/what-do-computer-viruses-do/> accessed 9 June 2016. 35 Noël Pons, “Typologie de la fraude” (2009) 268 Banque stratégie 4, online : <http:// www.noelpons.fr/complement/banque_S%20n%20268_1.pdf> accessed 8 June 2016. 36 ibid, ibid [2]. 37 <http://www.pctools.com/security-news/what-do-computer-viruses-do/> accessed 9 June 2016, <http://www.computerhope.com/jargon/v/virus.htm> accessed 9 June 2016. 38 <http://www.computerhope.com/jargon/v/virus.htm> accessed 9 June 2016. 39 Ibid [2], <http://www.pctools.com/security-news/what-do-computer-viruses-do/> accessed 9 June 2016. 40 <http://www.pctools.com/security-news/crackers-and-hackers/> accessed 8 June 2016. 41 <https://www.techopedia.com/definition/4015/malicious-software-malware> accessed 9 June 2016, <https://www.techopedia.com/definition/4171/worm> accessed 9 June 2016, <http://www.pctools.com/security-news/what-is-malware/> accessed 9 June 2016. 42 <http://www.computerhope.com/jargon/w/worm.htm> accessed 9 June 2016. 43 <https://en.wikipedia.org/wiki/Salami_tactics> accessed 6 June 2016. 44 ibid, ibid [36], <https://en.wikipedia.org/wiki/Salami_slicing> accessed 6 June 2016. 45 <https://en.wikipedia.org/wiki/Salami_slicing> accessed 6 June 2016.
lead to 25 million dollars without swirls46 by adding an exponential increase of the amount stolen per day47. In the IT environment, a computer worm implemented, based on this technique, named “salami attack48”, makes it automatic by creating a program with some pre-set IT instructions. This technique benefits from a leverage effect because transferring regularly small amounts of money leads to a huge one by accumulation effect49. The key element is that acting by steps is unnoticed by the Ellingson company and painless by looking to the bank account total amount. Implementing an e-salami tactic requires some IT skills which only a computer programmer can get50. This point validates our statement about The Plague is a cracker because a cracker has deep IT knowledge and skills to do so51.
TRANSITION After analysing factual elements of this case study under an IT perspective, we will give a legal interpretation of them. II LEGAL FACTUAL ANALYSIS OF THE CASE STUDY Now, we are going to give a legal meaning to Joey’s IT actions (A/) and The Plague’s ones (B/) and qualify under the cybercriminality law. Concerning Joey’s IT actions, how can we consider the fact of hacking the Gibson (1.), staying into it (3.) and “stealing” data (2.) on a legal basis? The Plagues’s IT actions, in addition to the theft (3.), how is it viewed a computer virus creation (1.) and a computer worm implementation (2.), legally speaking? A/ JOEY’S BEHAVIOUR LEGAL PERSPECTIVE The very beginning of the case is connected to the teenager act with the intent to access the system of the company. He succeeded in doing so and managed to download a document as a proof of his hacking skills. 1. Joey’s entry into the Gibson: illegal access According to article 2 of the Budapest Convention on 46 ibid [2], ibid [3], ibid [36]. 47 ibid [2], ibid [36]. 48 ibid [45]. 49 ibid [36], ibid [45]. 50 ibid. 51 ibid [41].
International Focus Programme Almanac | 27
Academic Vision cybercrime from 23rd July 2001: “establish as criminal offences […], when committed intentionally, the access to the whole or any part of a computer system without right” 52, which is the equivalent of article 323-1 of the French Criminal Code53, entering into a computer system as the Gibson with a real intent to do so and no authorisation is prohibited. Joey is guilty of illegal access into the Gibson because he has the deep wish to show to his friends his IT skills, so, there is no doubt about his intent to enter the Gibson; so-called “mens rea” in criminal law. In addition, it was an unauthorised entry because the fact of breaking the firewall led to a security warning and Joey had no appropriate login and password to enter the Gibson54, which can be viewed as a permission to do so if they exist. In this case, the practical achievement of this will, so-called “actus reus”, is the entry into the Gibson under a pure technical point of view. This cybercriminal offence exists by its own and does not require another IT action such as downloading files.
2. Joey’s download files from the Gibson: unauthorised duplication The second sentence of article 2: “the offence [can] be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system”, abovementioned, seems to consider the fact of obtaining computer data as an obvious consequence of the entry into a computer system55. The Budapest Convention plans into its article 4 another cybercriminal offence “when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right”, which means in case of offence against the integrity of computer data but not “stealing”, more exactly, “duplicating without any authorisation” of computer data56. If we have a look to the same section as the title 1 of the Budapest Convention called “Offences against the confidenti52 Budapest Convention on cybercrime of 23/07/2001, s 2 : <https://rm.coe. int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680080f0b> accessed 6 June 2016. 53 French Criminal Code, s 323-1 : <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A3ACE4DA7466766426C8C1DB4F6837F0.tpdila07v_1?idArticle=LEGIARTI000030939438&cidTexte=LEGITEXT000006070719&dateTexte=20160608> accessed 6 June 2016. 54 ibid [3]. 55 ibid [53]. 56 Budapest Convention on cybercrime of 23/07/2001, s 4 : <https://rm.coe. int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680080f0b> accessed 6 June 2016.
28 | International Focus Programme Almanac
ality, integrity and availability of computer data and systems” in the French Criminal Code whose name is “unauthorised access to automated data processing systems” there is a specific cyberoffence which deals with this unauthorised duplication in article 323-3 which was modified to include any type of cyberoffence against integrity of computer data such as “extracting, possessing, […], deleting or modifying” but also: “duplicating”57, since an act of 13 November 2014 whose goal is ot strengthen legal provisions linked to terrorism58. This article is the legal basis, in France, for a cybercriminal offence of “stealing” data which is, legally speaking, incorrect because stealing in criminal law implies to let the other party without his or her data. In the digital world, it is more often a case of copying data (creating his or her own copy) without disturbing the real owner’s possession and use.
3. Joey’s stay into the Gibson: remain into a computer system without any authorisation As we mentioned before, the illegal access into a com57 French Criminal Code, s 323-3 : <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A3ACE4DA7466766426C8C1DB4F6837F0.tpdila07v_1?idArticle=LEGIARTI000030939448&cidTexte=LEGITEXT000006070719&dateTexte=20160608&categorieLien=id&oldAction=&nbResultRech=> accessed 6 June 2016. 58 French act n°2014-1353 of 13 November 2014 to strenghen legal provisions related to the fight against terrorism, s 16 : <https://www.legifrance.gouv.fr/affichTexteArticle. do;jsessionid=FA064994560764A9D09316B33B8E9723.tpdila07v_1?cidTexte=JORFTEXT000029754374&idArticle=LEGIARTI000029755281&dateTexte=20150726&categorieLien=id#LEGIARTI000029755281> accessed on 12 June 2016.
Academic Vision
”
if the movie had not been a nineties movie but a 2016 one and if the Budapest Convention had been modified to include all this post-legal evolutions, we would have added this cybercriminal offence of remaining into a computer system to the Joey’s criminal actions even now, when downloading a file is a high-speed process because it is still required to remain into a computer system to do it.
puter system is a cybercriminal offence, according to article 2 of the Budapest Convention, but no articles deals about the fact of remaining into it. The movie takes place during the nineties when downloading a file was a low process and as Joey downloaded four files from the garbage folder, he needs time and to stay into the Gibson system during this operation59. The same evolution regarding cybercriminality offence list between 2001 for the Budapest Convention and 2014 for the French Criminal Code amended can be noticed. The former talked only about illegal access when the latter includes into article 323-1 the fact of remaining into a computer system: “Fraudulently accessing or remaining within all or part of an automated data processing system”60. If the movie had not been a nineties movie but a 2016 one and if the Budapest Convention had been modified to include all this post-legal evolutions, we would have added this cybercriminal offence of remaining into a computer system to the Joey’s criminal actions even now, when downloading a file is a high-speed process because it is still required to remain into a computer system to do it. 59 ibid [2]. 60 ibid [54].
SUBTRANSITION Joey seems to be the main cybercriminal in this case but is he the only cybercriminal? Is there something more punishable in the backdrop? B/ THE PLAGUE’S BEHAVIOUR LEGAL PERSPECTIVE 1. The Plague’s computer virus creation: misuse of devices in order to interfere computer data or systems First of all, we have to distinguish between the computer virus creation and its negative effects. Under article 6 of Budapest Convention, it is prohibited to “[commit] intentionally and without right : the production […] for use, […] of : a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established International Focus Programme Almanac | 29
Academic Vision in accordance with the above Articles 2 through 5” 61. In itself, creating a computer virus is a cybercriminal offence because its own goal is to damage other’s computer data or systems, which refers to article 4 and 5, respectively: “criminal offences […] when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without the right” 62 and “criminal offences […] when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data” 63. The idea of disturbing a computer system is provided by article 323-2 of the French Criminal Code64 and this of changing data by article 323-3 of the same Code65. In this case, we seem to get another interdependence relationship between two IT actions: the computer virus production is a first step which plays the role of springboard for one of the cybercriminal offences listed like data and system interferences. The focus is made on the consequences: altering data or computer systems, which is the computer virus goal than its own creation. Therefore, someone who creates a computer virus commits a cybercriminal offence of data or computer system interference, above all, helped by the misuse of devices where the computer virus is just viewed as an IT tool. Regarding the criminal intent, according to articles 4 to 6, The Plague deliberately created a computer virus, so, he wished to design it for damaging data or computer systems. He seems to fulfill the two criteria: intent to do so and with no authorisation. His intent to destroy others’ data or computer systems has an impact on the software status he used to cause damage, the computer virus, because it confirms its malware nature which is fixed by the creator intent66. However, it seems to be hard to prove that he really wanted to damage Joey’s computer and his data because he was not the computer virus initial target. 61 Budapest Convention on cybercrime of 23/07/2001, s 6 : <https://rm.coe. int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680080f0b> accessed 6 June 2016. 62 ibid [57]. 63 Budapest Convention on cybercrime of 23/07/2001, s 5 : <https://rm.coe. int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680080f0b> accessed 6 June 2016. 64 French Criminal Code, s 323-2 : <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A3ACE4DA7466766426C8C1DB4F6837F0.tpdila07v_1?idArticle=LEGIARTI000030939443&cidTexte=LEGITEXT000006070719&dateTexte=20160608> accessed 9 June 2016. 65 French Criminal Code, s 323-3 : <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A4C138136C3A106844E1ADBB82A6DA96.tpdila07v_1?idArticle=LEGIARTI000030939448&cidTexte=LEGITEXT000006070719&dateTexte=20160608&categorieLien=id&oldAction=&nbResultRech=> accessed 9 June 2016. 66 <http://www.pctools.com/security-news/what-is-malware/> accessed 9 June 2016.
30 | International Focus Programme Almanac
Academic Vision The computer virus was present before Joey’s cyberattack so created for another reason than cyberattacking back Joey67. As an IT security officer, we can imagine that these four files were part of a previous internal security test planned by The Plague; that is an exception under article 6 of the Convention: “the authorised testing or protection of a computer system” 68 which we can find too in article 323-3-1 of the French Criminal Code69. Nevertheless, this status in the Ellingson company suggests some duties such as protecting misuse of this data i.e. a computer virus by storing them in a specific digital area with some restricted access and not letting them into the garbage. In fact, The Plague created this computer virus to cover his computer worm implementation consequences70.
2. The Plague’s worm implementation: misuse of devices in order to interfere computer data or systems The same legal analysis from The Plague’s computer virus creation applies there because a computer worm can be considered as another IT tool which permits to alter the Gibson system and change data to organise regular bank transfers to another bank account. The Plague seems to be culprit for misuse of devices and data & computer system interference, according to articles 4 to 6 of the Budapest Convention, based on the computer worm negative effects. 3. The Plague’s: money theft As we describe The Plague as a cracker whose one of his most popular IT actions can be stealing credit card numbers71, there is no doubt about his wish of financial profit. In this case, Joey’s team who wanted to show Joey’s good faith to just test the Gibson discovered that The Plague manipulated Ellingson’s banking activity to transfer money on his behalf thanks to a computer worm72. According to criminal law, he is a thief73. Article 311-1 of French Criminal Code defines “theft” as a “fraudulent 67 ibid [2]. 68 Ibid [62]. 69 French Criminal Code, s 323-3-1 : <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A3ACE4DA7466766426C8C1DB4F6837F0.tpdila07v_1?idArticle=LEGIARTI000028345220&cidTexte=LEGITEXT000006070719&dateTexte=20160608> accessed 8 June 2016. 70 ibid [3]. 71 <http://www.pctools.com/security-news/crackers-and-hackers/> accessed 8 June 2016. 72 ibid [3], ibid [36]. 73 <https://www.techopedia.com/definition/10257/cracker> accessed 8 June 2016.
appropriation of a thing belonging to another person” 74. However, he does not steal money, physically, by taking off bank notes from the Ellingson safety-deposit box, but by modifying IT instructions to transfer really small money amount from Ellingson bank account on a regular basis and automatically to another account whose holder is The Plague. This digital manipulation of IT instructions and banking data links to article 8 of the Convention named “computer-related fraud”. It stated as a cybercriminal offence, the fact of “[committing] intentionally and without right, the causing of a loss of property to another person by : a) any input, alteration, deletion or suppression of computer data ; b) any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person” 75.
”
we have to bear in mind that a theft means that the initial owner does not have and take advantage anymore of his items or goods like money. contrary to the unauthorised data duplication where there exist two copies of the same files, here, there is one financial resource cut into small pieces which moved from one bank account to another one
74 French Criminal Code, s 311-1: <https://www.legifrance.gouv.fr/affichCodeArticle. do;jsessionid=A3ACE4DA7466766426C8C1DB4F6837F0.tpdila07v_1?idArticle=LEGIARTI000006418127&cidTexte=LEGITEXT000006070719&dateTexte=20160608> accessed 8 June 2016. 75 Budapest Convention on cybercrime of 23/07/2001, s 8 : <https://rm.coe. int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680080f0b> accessed 6 June 2016.
International Focus Programme Almanac | 31
Academic Vision We have to bear in mind that a theft means that the initial owner does not have and take advantage anymore of his items or goods like money. Contrary to the unauthorised data duplication where there exist two copies of the same files, here, there is one financial resource cut into small pieces which moved from one bank account to another one. The first account, Ellingson’s one, is impoverished in favor of the second one: The Plague’s bank account. We really face to a money theft. To do so, The Plague implemented a computer worm which alters computer system to give the illusion that no transactions seem to be done and make the salami technique bank transfers on an automatic and regular basis. As a bank transfer can be successful only if some banking data and information are mentioned, he had to affect Ellingson’s banking data and bank account activity and management to reach his goal. It is a computer-related fraud based on data and computer system interference, defined in article 4 and 5 of the abovementioned Convention. Even The Plague had a legal access into the Gibson or other Ellingson database as an IT security officer, he abused of his professional IT accesses to steal money from his employer on which he has no rights because he is not the owner of this money and bank account. The “mens rea” is beyond doubt because his malicious intent was to act in the Ellingson’s back, by illegal means to get an unfair economic benefit76.
CONCLUSION After analysing the facts, through an IT perspective, we can assume that Joey looks like more a gray hat hacker because he did that by challenge but with some consequences on the legal ground and not with a malicious intent77. Hopefully, as Joey is a script-kiddy such as Zero Cool (hacker’s name of the main character in the movie when he was a child), we can suppose he is a minor and the legal measure against him can be: he will not be able to touch a computer until his majority78. Unfortunately, his parents can be fined as they are his legal representatives79. The Plague is completely in the dark side of the Force: a black hat hacker (bad guy wearing a black hat 76 <https://www.techopedia.com/definition/10257/cracker> accessed 9 June 2016. 77 <http://www.leblogduhacker.fr/les-differents-types-de-hackers/> accessed 8 June 2016, <https://www.techopedia.com/definition/15450/gray-hat-hacker> accessed 10 June 2016. 78 ibid [2], <https://en.wikipedia.org/wiki/Hackers_(film)> accessed 8 June 2016. 79 <https://en.wikipedia.org/wiki/Hackers_(film)> accessed 8 June 2016.
32 | International Focus Programme Almanac
in western movies80) who pirated his company computer system and bank references to make some financial transactions on his behalf81 and pretended to be a white hat hacker (good guy wearing a white hat in western movies82) by being the Ellingson IT security officer who is supposed to protect the Ellingson company from cyberattacks (even internal ones) and prevent from IT security vulnerabilities83. For The Plague, it is obviously a conflict of interests: due to his position in the Ellingson IT department, he knew how the IT security works internally and how to bypass it and where were security breaches such as an unlisted backdoor84. Joey and The Plague committed several cyberattacks: for the former, breach of access and copying data; for the latter, using malwares (computer virus, computer worm) and cyberfraud85. According to the Budapest Convention and the French Criminal Code, both, the teenager and the IT officer, have committed some cybercriminal offences. Joey is culprit of illegal access into the Gibson, unauthorised duplication of four Ellingson garbage files and staying a certain period of time into the Gibson to do so. The Plague is guilty for a misuse of a computer virus, except if he manages to prove that was for internal security purpose, and a computer worm misuse and both altered data and computer systems. The latter permits a money theft from the Ellingson’s bank account. To conclude, the real black hat hacker and criminal is The Plague who is doing worse in the shadows than Joey who plays the role of the perfect scapegoat, being under the spotlights by his gross attempt.
80 <https://www.techopedia.com/definition/26342/black-hat-hacker> accessed 8 June 2016, <https://www.techopedia.com/definition/10349/white-hat-hacker> accessed 9 June 2016, <http://www.pctools.com/security-news/blackhat-hacker/> accessed 10 June 2016. 81 <https://www.techopedia.com/definition/26342/black-hat-hacker> accessed 8 June 2016, <http://www.pctools.com/security-news/blackhat-hacker/> accessed 10 June 2016, <http://www.leblogduhacker.fr/les-differents-types-de-hackers/> accessed 8 June 2016. 82 <https://www.techopedia.com/definition/26342/black-hat-hacker> accessed 8 June 2016, <https://www.techopedia.com/definition/10349/white-hat-hacker> accessed 9 June 2016. 83 ibid, <http://www.leblogduhacker.fr/les-differents-types-de-hackers/> accessed 8 June 2016, <https://www.techopedia.com/definition/10349/white-hat-hacker> accessed 9 June 2016, <http://www.pctools.com/security-news/blackhat-hacker/> accessed 10 June 2016, <http://www.computerhope.com/jargon/w/whitehat.htm> accessed 10 June 2016. 84 ibid [36]. 85 <https://www.techopedia.com/definition/24748/cyberattack> accessed 9 June 2016.
Academic Vision
Internet Control – necessity or obligation?
THE INTERNET TODAY Technique has a big influence on our daily life. Electronic devices, multimedia, and computers are things we have to deal with everyday. Especially the Internet is becoming the most important and most accessiEvgenia Podgorbunskikh member ble form of mass media.1 It became ELSA Germany very famous for satisfying people with various services related to different fields. The Internet is seen as an important tool, which helps you in completing many daily tasks easily and conveniently with a few clicks. Almost everything is available now through the Internet - we make appointments using it, contact friends from all over the world, express our feelings, book tickets, pay bills, exchange vacation pictures, and read e-books. One can get information on any particulars thing around the world using the Internet. It does not matter, which language you speak, the Internet opens its doors for everybody. No doubt- Internet-life became so essential; we cannot imagine our lives without it.
WHAT IS THE INTERNET? But what is the Internet exactly and why has it become so important in the last 20 years? To start with, the Internet is a system that lets different computer networks communicate with each other using 1 Internet is the most important source of information, http://en.soi2014.se/information-and-facts/internet-is-the-most-important-source-of-information/ (Last visited 13.06.2016)
a standardized set of rules.2 It is a truly global system. It allows anyone from anywhere in the world access to this huge virtual library of knowledge, leisure, and a professional world without even leaving your house. There are many reasons for the massive increase of using the Internet. First of all, the Internet is very simple to use. Even children nowadays are able to handle it. Moreover, the Internet is even cheaper than real life. It will cost you more to meet friends for a coffee than chat with them. Sending virtual postcards to friends is also cheaper than sending the real ones. Computers, laptops, and mobile devices are nowadays quite affordable for every family so many children grew up using electronic devices. 20 years ago nobody could imagine such a rapid increase of Internet users. Another positive aspect of the Internet is the possibility of using home offices. For many young mothers who have to stay at home with small children it is not a problem to keep their jobs. Nowadays you can work on your computer at home and it is not necessary to go to the office. You can organize every day the way you want togoing to the office or staying at home. Personal meetings during the work day are reduced to a minimum. And the Internet is still growing! Around 40% of the population has an internet connection today. 20 years ago it was less than 1%. 3 Many computers link up to it every day and various organizations and companies are working to extend the Internet access to third-world countries. 2 Who owns the Internet?, http://computer.howstuffworks.com/internet/basics/ who-owns-internet.htm (Last visited 13.06.2016) 3 Internet Statistics, http://www.internetlivestats.com/internet-users/ (Last visited 13.06.2016)
International Focus Programme Almanac | 33
Academic Vision WHO OWNS THE INTERNET?
CONTROL OF THE INTERNET
The Internet is a giant system made up of smaller systems. But who owns this huge system? Who is responsible for the information that can be found on the Internet? Does the Internet have a single owner? Or is it a public property?
It is assumed that the Internet is a public property. Nobody can claim being the only owner of the Internet. But should there be a control of such powerful and untamed potential? Should anyone be responsible for the information that we can find on the Internet?
There is no certain answer for this question. Different opinions claim different positions about that.
The idea that somebody is controlling the Internet runs contrary to common knowledge. The Internet has a tradition of hosting free content with relatively little government or regulatory interference,6 and is today backed by a huge army of supporters ready to defend a free and open platform.
If you see the Internet as a unified, single entity, there is no one who owns it. There are organizations that regulate the Internet’s structure and the way it works, but they do not have any ownership over the Internet itself. There is no government in the world that can claim being the owner the Internet, nor can any company. From another point of view, every user and many organizations have the ownership over the Internet. The Internet consists of lots of different bits and pieces; each of them has a creator who owns it.4 If we upload a picture or an article or share our opinion to different topics, we are the ones who are responsible for changing the Internet and increasing the information it has. In addition to that, many organizations control the level of access of the Internet and the quality of connection. Those organizations do not own the whole system, but they affect the Internet experience. The third possible owner of the Internet can be some individual computer networks that make up the Internet connection. Several nations’ governments oversee computer networks. Depending on local laws, the owners of the networks can control the access users have to the Internet. Many companies can be called the developers of Internet, like The Internet Society, The Internet Engineering Task Force (IETF), The Internet Architecture Board (IAB) and The Internet Corporation for Assigned Names and Numbers (ICANN) for their influence to the work of Internet in common.5 But none of these organizations own the Internet. The Internet has no certain owner. While the structure of the Internet gets designed and preserved, ordinary users influence the actual content on the Internet. Internet continues to be the unrestrained cyberspace we all know and love. 4 The Internet’s Caretakers http://computer.howstuffworks.com/internet/basics/ who-owns-internet2.htm (Last visited 13.06.2016) 5 The Internet’s Caretakers, http://computer.howstuffworks.com/internet/basics/ who-owns-internet2.htm (Last visited 13.06.2016)
34 | International Focus Programme Almanac
a. The Internet Government Since the Internet is an incredibly powerful force for commerce and free expression, many people value the Internet. It leads to a number of governments fearing its power and seeking to control it.7 But is it a good idea to let the government control the Internet? Some people support this idea. Government has its first responsibility to keep the teenagers growing up in a healthy environment, which might be harmed by the modern media. The widely spread information on the Internet about every topic gives an easy access to resources with harmful and violence shows, films and lectures. Teenagers are a group of users who get easily affected, since they are too young to distinguish between whether the information is health or not. As a result, their mental health might be harmed by the media due to misuse. Secondly, the media could be taken advantage of by criminals. It is a new kind of criminals where people use media to harm others. It comes to online hate speeches, frauds in online banking, and stealing private data of users. Because of the technology, criminals can very easily hide themselves behind the Internet mask. And the victims are not able to protect themselves if the government does not intervene. It turns out the media should be controlled by government in order to keep the society safe and the relevant laws are necessary to be used to restrict people taking 6 Who controls the Internet? http://www.govtech.com/wireless/Who-Controls-the-Internet-Part-One.html (LAst seen 13.06.2016) 7 The Daily Signal, http://dailysignal.com/2015/07/30/how-congress-can-halt-government-control-of-the-internet/ (Last seen 13.06.2016)
Academic Vision misuse of the media. b. Limited Freedom of Speech and Rights to Privacy The issue the world will face if governments control the Internet is a violation of democracy. It entails the limitation to the freedom of speech and the right to privacy. The media should be free to access by society. The freedom of speech and the right to privacy are the essential human rights. Some people claim that regarding this; the media can play a role to supervise the government. People never feel courageous enough to discuss the work of the government or certain politics in the real life, but feel free to express this on the Internet. On the Internet they can stay incognito and do not have to be afraid of getting punished for their opinion or lose their jobs, if the opinion is unpopular. If the possibility to express themselves on the Internet will be controlled by the government, the public might be deceived. In this case the government will sort out the unsuitable online speeches and the articles and show only the appropriate ones. Moreover, there is an opinion that control by the government will disturb the development of media. As Adam Smith said, the invisible hand controls the market and motivates people to pursue their own benefits.8 This describes the principle of free markets and means that each of us acting in our own self-interests generates a certain request for goods and services. This makes others deliver those goods and services in order to get the compensation and make a profit in doing so. This de-
velopment is natural and spontaneously generated and should not be disturbed. Should the government control the Internet? This is the question posed in the title. The Internet does not belong to anyone. It is free and accessible for everyone. Controlling the information on the Internet by government will reduce the trust in media. The Internet represents is one of the common amendments of constitutions in most countries: freedom of speech and the right to privacy. Every person values freedom of speech and their privacy as something essential. The key to the worldwide success of the Internet is that it does not limit its users. The Internet is the place where people can express their minds without being reprimanded for every word they say or for the way they express it. Media should stay free of government control.
8â&#x20AC;&#x201A; Invisible Hand Theory http://www.ecocommerce101. com/invisible-hand-theory.htm (Last seen 13.06.2016)
International Focus Programme Almanac | 35
ELSA Network
Media Law as a contemporary legal topic and an engaging tool for the ELSA Network
Now that the last months of the Media Law as the IFP topic are approaching, the story of its beginning, back in 2012, seems very far away. Certainly it was a very long time ago. Meanwhile, four International Boards have changed, hundreds of ELSA officers finished their Marko Dolenec active ELSA careers and hundreds Proposer of the Media Law as the IFP topic in 2012 of new ones came, eight ICMs have Director for Media Law Programme, ELSA International 2012/2013 taken a place around Europe, the Assistant for the IFP, ELSA Network grew from 38 000 ELSA International 2013/2014 Vice President for Seminars & Conto 43 000 members and a lot has ferences, ELSA International 2014/2015 happened in the world. In contrast, the importance and contemporary relevance of Media Law did not change. Its profound relationship to daily challenges faced by groups, individuals and different entities is getting more and more visible and relevant. Therefore, as the person that proposed the topic to be the focus topic for the entire ELSA Network, I cannot but be extremely satisfied with its overall implementation and the reach it had, not only in the Network, but also outside of it: at numerous universities, different international organizations and several very prestigious projects. How did everything start? As the newly elected national Vice President for Seminars and Conferences in ELSA Croatia, with a fresh perspective acquired during ICM Algarve, I was aware of all the dilemmas and peculiarities 36 | International Focus Programme Almanac
around Health Law as the IFP topic back then. Thus, I was convinced that the new topic should not only reflect general IFP characteristics by being versatile, internationally relevant and with a big academic potentially, but it should, at the same time, restore the confidence of the ELSA Network in the IFP concept in general. And that was when the idea of Media Law as the IFP topic was born. Today, when we are living in a modern Internet society and Internet has become the first source of information, where we all are potential creators of media content, the need to provide future lawyers with knowledge in this area and to establish a common international legal framework for media is present more than ever. We expose our privacy to the borderless online world daily, different crimes are occurring, the modus operandi of online criminals is getting more severe and the international legal community, with its standards and long procedures, is often not up to date when it comes to online crime. The effects stemming from the absence of proper norms are visible all around us, but it also has to be emphasized that over the last four years a lot has been done in this regard, especially on our European continent due to the outstanding work of the Council of Europe, the European Union and their effective legislative and judicial systems. Therefore, the international and legal basis of this area of law is still in its creation, but events such as the Wikileaks or the Charlie Hebdo attacks, as well as cases against big companies such as Google, have put
ELSA Network this topic in the spotlight and its governing principles and rules are getting increasingly consistent and known. When the implementation finally started on 1st of August 2013, ELSA defined Media Law as an area of law that regulates activities in all sorts and sizes of media communications, such as print media, telecommunications, digital communications and the internet. For us, the main focus of Media Law was to define the role of media in democratic systems and the legal standards for the protection of freedom of expression, right to access information and privacy. Later, the implementation of the topic proved us that this rather broad definition was widely accepted, allowing the Network to explore this topic through an extraordinarily broad range of activities. The new topic was definitely off to a good start with the launch of the Legal Research Group on Online Hate Speech. It was the first international project ELSA carried out under this topic and with even greater dedication we were able to show to the Council of Europe that we share the same values. More than 100 researchers in 17 National ELSA Groups carried out the research, exploring how the Budapest Convention on Cybercrime was implemented in their domestic legal order, especially in regards to its Additional Protocol concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems. Its results were presented on the international conference in Oslo, which took place in December 2013. But that was just the beginning: as the final outcome of the conference in Oslo, the Guidelines on moderating Online Hate Speech were created and disseminated among the ELSA groups. The results we accomplished with the LRG and the Guidelines enabled us to become an active part of the No Hate Speech Movement1 and present our work in several occasions, including UNESCO’s conference “Youth and Internet. Fighting radicalization and extremism”. Following the initial international success, Media Law got its deserved place in the second edition of the ELSA Day, where more than 130 events in 33 countries were organized under the topic “Human Rights on the Internet”. Local and National Groups promptly responded and the activities they have organized varied from es1 A youth campaign of the Council of Europe for human rights online, to reduce the levels of acceptance of hate speech and to develop online youth participation and citizenship, including in Internet governance processes.
say competitions and moot court competitions, to lectures, seminars and institutional visits. A special interest was shown among organizers of last year’s summer law schools, who found the aspects of Media Law to be capable of attracting hundreds of students and professionals from all around the world to attend one week long projects in their cities. This publication gives you a chance to read more about some of them. ELSA has also organized three major international conferences with the support of the European Youth Foundation. The first one in Oslo, which we already mentioned, dealt with Online Hate Speech and online crimes; the second one was organized in Zagreb in 2014 and addressed issues of freedom of expression; while the third one was organized in Trieste in 2016, being the concluding conference of the implementation of Media Law as the IFP topic of ELSA.
”
For us, the main focus of Media Law was to define the role of media in democratic systems and the legal standards for the protection of freedom of expression, right to access information and privacy. Later, the implementation of the topic proved us that this rather broad definition was widely accepted, allowing the Network to explore this topic through an extraordinarily broad range of activities. International Focus Programme Almanac | 37
ELSA Network With these three conferences and two LRGs supported by the Council of Europe, together with all the projects devoted to the IFP topic, organised both at the local and national level, ELSA was able to engage more than 7000 students, mostly future lawyers, in discussions devoted to Media Law. And it should be noted that this number is only taking into account reported activities. There are numerous activities that took place over these three years that never made into our official statistics. This number, alongside with my close involvement with this topic for the most of its duration, makes me confident that ELSA has a real influence on the legal education in Europe and it can, not only raise awareness on certain issues, but also change the mindset of future lawyers and lawmakers and help them to be internationally minded young professionals. Therefore, a concept such as the International Focus Programme, when it deals with relevant, contemporary topics, is an extremely powerful tool in ELSAâ&#x20AC;&#x2122;s hands. It allows law students and professionals around Europe to rapidly develop understanding for hot legal topics and to have a significant influence on changes occurring in a legal and policy environment. Likewise, it gives ELSA a
38 | International Focus Programme Almanac
chance to support the creation of new legal instruments, to contribute to the education of its members and to effectively participate in relevant international discussions. In the end, I would like to personally thank all the members and officers that have, with their enthusiasm and devotion, actively contributed to the successful implementation of this IFP topic, and wish future ELSA generations plenty of equally successful and exciting IFP topics.
ELSA Network
Report of the ELSA Delegation to the Council of Europe Conference on
“Freedom of Expression: still a precondition for democracy?”
INTRODUCTORY SESSION The introductory session of the conference was moderated by Mr. Joshua Rozenberg, British journalist for BBC. He opened the debate by asking the distinguished speakers to explain what difficulties journalists are facing throughout Europe and what the Council of Europe is doing in order to protect them, since journalists have as much to fear from governments as they do from terrorists in certain countries. The panel outlined that the Council of Europe (CoE) works on two levels: political and judicial. At the political level, the Parliamentary Assembly of the CoE (PACE) has a great deal of influence on the legislators of Member States. At the beginning of this year, PACE debated media freedom in Europe and it was reported that, during 2013 and 2014, at least 15 journalists and media workers in Europe had died because of their work. Journalists were killed with impunity, meaning that States have failed to conduct proper investigations and to punish the responsible. Impunity encourages further violence and it is a proof that the system of justice has failed.
All across Europe there are cases of hostility, assaults, threats against journalists and their safety. However, they are also faced with restrictions imposed by national law on their freedom to access information and to disseminate it; many journalists are in prison, just because they did their work. After the terrorist attacks in Paris at Charlie Hebdo, PACE stressed that freedom of expression included the right to say things that may offend, disturb or shock people, affirming that “political criticism and satire must be protected as an essential part of media freedom, because democracy and the protection of human rights depend on media freedom.” In order to ensure protection of journalists, the CoE launched an internet-based platform in early 2015. The platform highlights attacks on journalists and both identifies and notifies the responsible government. This is an excellent development in this area, since the relevant State is called to answer to the alleged violations of the safety of journalists and to take action to stop them. Yet the CoE has a greater influence on Member States owing to the judicial achievements of the European Court of Human Rights (ECtHR), who decides whether or not Members have complied with the European ConInternational Focus Programme Almanac | 39
ELSA Network vention on Human Rights (ECHR). The main articles governing the freedom of expression are article 8 and article 10. Article 10 directly ensures the right to freedom of expression and information, but it also sets certain limitations; foremost, there is a list of restrictions prescribed by the law to protect national security and public order. Article 8 also provides some protection, as freedom of expression is a fundamental aspect of private life, which is similarly subject to exceptions. The ECtHR is responsible for assessing whether restrictions on freedom of expression are compatible with the ECHR articles and proportionate with the aim pursued. However, these two articles may sometimes clash: free speech can sometimes conflict with the right to privacy. When the Court deals with these issues, it therefore has to strike a between free speech and privacy. The Goodwin case is an example of protection of journalistic sources, which is considered one of the basic conditions for press freedom, as the crucial role of the press is to inform the public on matters of public interest and to provide accurate and reliable information. Though freedom of expression cannot be unlimited, the ECtHR emphasised that it is an essential foundation of a democratic society.
On this reasoning, a state that denies its people the right to free speech is necessarily a state that fails to respect the rule of law. Unfortunately, it is difficult for the Court to intervene and enforce its judgments because the issues arise as a matter of politics as well as law. It is paramount, therefore, that the CoE is able to actively speak out and identify States that fail to comply with art. 10 rulings. If states repeatedly refuse to comply with rulings from the ECtHR, by failing to respect preconditions for democracy such as free speech, they have no place in an international institution founded upon the preservation of human rights. It is recommended that the CoE ought to threaten expulsion and ‘name and shame’ countries that deny free speech. After his speech, Mr. Joshua Rozenberg introduced the panellists. He then addressed the first question to Mr. Nils Muiznieks, High Commissioner for Human Rights for the CoE, asking what else the Council can do and if it has a mandate to give an ultimatum to the States failing to comply with art. 10. The High Commissioner explained that he has a privileged mandate to press the governments and to expose their failures to the public. However, his role is primarily to highlight shortcomings, problems and deficiencies.
Delegates of ELSA present at the Conference (from left to right) Antonia Markoviti, Jessica Allen, , Inés Canibano, Natasha Renzetti and Kaleb Honer 40 | International Focus Programme Almanac
ELSA Network Mr. Rozenberg gave the floor to Ms Angelica Nussberger, Judge and section Vice President of the ECtHR, in order to explain what judges can do after ruling on a breach of the ECHR. Ms Nussberger defined the duty of judges as to set the standards and define the limits of the application of the ECHR. Finding a violation and setting some common standards is quite a strong power, but it is for others to implement the decision. After a brief discussion on the question, Mr. Rozenberg took the floor to introduce the topic of hate speech. He asked what hate speech is and where it comes from, addressing Dunja Mijatovic, OSCE Representative on Freedom of the Media. She defined hate speech as speech that is potentially provocative, vulgar and calls for violence; violence is actually the red line to identify hate speech. She added that the mandate of organisations, such as the OSCE and the CoE, is to assist but also to ‘name and shame’ the countries violating rules and conventions. Since hate speech exists in society, it cannot be eradicated entirely; in fighting it we should use other instruments than restrictions. Ms Mijatovic concluded that we do not have a right not to be offended, no matter how much it hurts, and that society is becoming more and more sensitive about free and hate speech nowadays. The discussion soon focused on whether insults against presidents and prime ministers ought to justify or require punishment. Particular mention was made of a case concerning insults directed at the President of Turkey, which is a main reason why journalists have been arrested and sent to prison in that country. Judge Karakas, a Turkish judge of the ECtHR, agreed that this particular issue is very prominent in Turkey and recalled certain laws of the Turkish legal system. Whilst explaining how domestic courts react to violations of art. 10, she recalled the verdict made by the ECtHR in the Mondragon v. Spain case and noted that, comparatively, eight of the 236 Turkish cases litigating this issue constitute a violation of judicial precedent. Mr. Rozenberg readdressed Judge Nussberger, asking what tools exist to prevent journalists from going to prison simply for being critical of politicians. Attention was afforded to two articles of the ECHR, notably art. 10 and art 17; the latter only applies in the most extreme cases. It is important to note that criticism is outside the
scope of the ECHR, even though it may be offensive, as it is distinguishable from hate speech; the two must not be conflated. Returning to the proposition to expel countries from the CoE, Judge Nussberger suggested that such a decision should not be met lightly owing to the importance of access to the ECtHR by individuals in order to have protection from States. Ms Mijatovic added that international organizations have the mandate to criticise States but little political will to change things.
SESSION 1 FREE AND PLURALISTIC PUBLIC DEBATE, A PRECONDITION FOR DEMOCRACY; HOW TO CREATE AN ENABLING ENVIRONMENT? After the introductory session, the panellists of the first session, conducted by David Kaye, United Nations (UN) Special Rapporteur on the promotion and the protection of the right to freedom of opinion and expression, brought attention to the current situation of Freedom of Expression in the Member States and how the case law of the European Court of Human Rights and the Internet have made an impact in this situation. Gvozden Srećko Flego, member of the Parliamentary Assembly of the CoE, opened the discussion. To begin, he took care to emphasise that democracy is a pluralistic requirement of a democratic society; this includes diversity of media and freedom of speech. In 2013-14, more than 30 journalists were killed “in an attempt to convert fear in obedience” which has led to increased self-censorship. The identification card, new online platform and open parliamentary debate are only three of the many measures which have been implemented by the Council of Europe to combat this issue. He remarked the need of turning parliamentary debate into real review of legislation and change. Ganna Yudkivska, judge in the ECtHR, highlighted the efficacy of ‘naming and shaming’ as an instrument for critiquing member states that impeached upon this. For the ECtHR, this is easy. Rather it is the novel issues surrounding the dangers to journalists provoked by the internet and social media which pose greater difficulty in modern society. The role of bloggers in the Internet seems essential to keep a free forum of discussion. However, it is still not clear which is the coverage of their International Focus Programme Almanac | 41
ELSA Network activity. The second context of concern raised by the Internet is that occasions when it is misused to spread hatred and hostility. There are states where journalists are indicted for fabricated crimes. ‘Enabling environment’ requires states to put in appropriate measures to protect the freedom of expression and a sufficient legal framework in order to regulate this. However, the Legal Director of Media Legal Defence Initiation (MLDI), Nani Jansen, highlighted that such an ‘enabling environment’ is unattainable in certain states where various methods have been employed in order to directly or indirectly suppress the freedom of expression. Notable examples from across the globe include the fabrication of charges, the reintroduction of previously repealed legislation under the guise of ‘internet legislation’, the abuse of copyright law to remove content online and the abuse of criminal defamation law with onerous civil charges. Christophe Deloire, Secretary General of Reporters without Borders (RWB), contextualised these issues in light of the question posed by the session’s title. Freedom of information should be ensured by pluralistic debate as well as human rights law. There is an information war among states regarding the communication of international relations. Information means are controlled by oligarchs in most European countries; four billionaires own 80% of media outlets in France, for example. Questions regarding the freedom of the media are being raised as advertisers and oligarchs are able to influence this which reminds that is not the same thing the freedom of media than the freedom of information. Citizens have the right to access this information in a neutral environment. Freedom should be exercised by the journalists individually. Protecting independence of journalists is a key factor to secure diversity. Furthermore, the Council has to evolve providing new rules that require journalist being transparent. Questions were then raised by various participants in the conference. Particularly attention was initially afforded to the existence of tools which can be used to ensure greater plurality. Collectively, the panellists observed the value of tools which raise awareness of the issue in a general sense, those which confer powers to litigate freely and openly, as well as rules of ethics adopted by media 42 | International Focus Programme Almanac
outlets, though unfortunately these are optional. Media transparency is a useful tool to identify a conflict of interests, but alone is insufficient to remedy them. Rather those tools which limit the ability of oligarchs to falsify information in the media are of particular importance, given that they are largely informed by human rights mechanisms which are not in isolation sufficient. Some of the hardest issues surrounding intimidation were identified. Many independent journalists, for example, have been victims of smear campaigns organised by progovernment media outlets whilst others have been repeatedly arrested. Specific media outlets have also been targeted and crippled through the implementation of similar schemes. Furthermore, it is becoming increasingly difficult to define who can legitimately disseminate information and who can be regarded as a ‘journalist’. ‘Journalist’ is not restricted to professionalism; the methods used, the independence and the social import are factors that can inform the broader classification. Increasingly, it has been argued that bloggers specifically should be subject to the same protocols as journalists. It seems crucial to define clearly who should be safeguarded in their “watchdog role”. At the end of the session, recommendations were made as to what can be done to ensure free and pluralist public debate. Notably, a reassessment of the international legal framework would be laudable as cases regarding free speech seldom win or reach expeditious ends.
SESSION 2 FREEDOM TO “OFFEND, SHOCK OR DISTURB”: WHERE DO WE STAND? A critical issue was addressed in session two, which was moderated by Agnes Callamard, Director of the Columbia Global Freedom of Expression and Information. The panel of eminent legal figures considered the mechanics of hate speech in light of recent ECtHR case law and non-legal means that have been implemented in Member States. Françoise Tulkens, Former Vice-President of the ECtHR, was invited to open the discussion. To contextualise the issue at hand, she emphasised that hate speech is about intolerance in a general sense. It encloses us in a dilemma which can only be combatted by pluralism
ELSA Network and open-mindedness. There is a tendency to close our minds in order to protect ourselves from being targeted. However, only democratic societies are able to identify divisions such that freedom of expression is evidently a precondition. In the early 21st century, the principal concern was of the violence which may result from hate speech; in F v. Belgium, the president of a right wing political party was charged with hate speech yet no breach of article 10 of the ECHR was found. The debate has since turned to whether hate speech or any preceding conduct can be regarded as conduct in of itself, which should result in a formidable sanction. Certain commentators have discouraged this approach as hate speech can be resisted through other means such as education and debate; it is important to act cautiously to prevent the development of hatred in individuals. Nicholas Vadot, Member of the Cartooning for Peace Foundation, paid particular attention to the recent Charlie Hebdo attacks in Paris in January 2015. He regarded
the incident as a watershed, following which cartoonists realised the social utility of their cartoons; ones that had not been posted in the past had become acceptable. There is a relationship with the social childlike subconscious to which these cartoons appeal worldwide. An interesting perspective in light of gender inequality was raised by Valentina Pellizzer, President of OneWorld Platform Foundation (OWP). There is an online campaign regarding women being attacked which has become a hub for offensive comments, but these comments must be distinguished from repetitive attacks or â&#x20AC;&#x2DC;hate speechâ&#x20AC;&#x2122; which does not facilitate debate or discourse. The online environment is a continuum of the offline environment, such that education is a better mechanism than censorship to combat hate speech. Questions were then welcomed from participants. As asked by the session from the outset, focus was initially upon the freedom to offend and when it is acceptable. Blasphemy, it has been argued, is one domain where such freedom should be absolute. For example, in France, people have the right to criticise religions, but not to di-
International Focus Programme Almanac | 43
ELSA Network rect his at individuals themselves. Debate is natural in society and banning blasphemy would be counter- intuitive as well as dangerously unlimited. Moreover, it was suggested that hate speech is in itself a conduct. There is a need to distinguish the freedom of expression, which should be protected, and hate speech, which does not serve to facilitate founded discourse. In a pluralistic society, the limits of free speech can be noted in that the preservation of diversity seems to ironically restrict the diversity of expression on the basis that such diverse cultures and concepts are so deeply felt. Recent case law of the ECtHR has demonstrated that intolerance seems to be increasingly on the rise. The ECtHR has more recently taken a harder line against blasphemy, but several panellists agreed that the broadest possible definition is arguably favourable whilst preserving a domain for discourse. Freedom of non- judiciable expressi-
on should exist with only some restriction as regards the right to instigate violence through free speech.
SESSION 3 THE FIGHT AGAINST TERRORISM: ARE WE ALL POTENTIAL SUSPECTS? During the third session, another hot issue was discussed: whether there is a conflict between ensuring the freedom of expression and fighting against terrorism. One of the subtopics raised was the current legal situation within the Member States of the council and the measures in place to combat terrorism, incitement to violence and radicalisation through the Internet, as well as the role played by the ECtHR in this arena. Elfa Ýr Gylfadóttir, Director of the Media Commission in Iceland, acted as the moderator in this session of the conference. Stéphane Duguin, Head of the European Internet Re-
Delegates of ELSA with our Patron, Thorbjørn Jagland (in the middle) 44 | International Focus Programme Almanac
ELSA Network ferral Unit (EU IRU), was invited to open the debate. He began by observing that, since 2011, there has been a shift on the Internet towards information dissemination and proliferation of content. As a result, propaganda is emerging online across various platforms in order to source funds and recruits. Given this high-speed change, Ministers of Europol decided that a division had to be set up to track this type of online content and its movement. When content that is clearly inviting violence is found, it is made known first to the respective State and then to the provider. So long as the content breaches their terms and conditions, it is important to highlight its existence to the provider so that they can consider whether they would like to keep it online. There is no legal obligation imposed by Europol; it is voluntary and up to the provider. Europol merely offers them some legal guidance on what constitutes violent content. To some extent, social media offers some form of self-censorship. Nicolas Hervieu, Lawyer in Public Law at Paris-Ouest and Pantheon-Assas Universities, pointed out the importance of setting out clear principles to define what may be terrorism. The absence of any universal guidelines on this concept could create a paradox of destroying democracy whilst also trying to protect it. David Banisar, Senior Legal Counsel at Article 19, furthered that the law in this area has deteriorated since 9/11. Antiterrorism legislation is being misused more and more to restrict freedom of speech and “give police power to spy.” Several recent examples were identified for the benefit of the attendees. For instance, in Russia, there is an extremism law which has been extended to online dissemination; it was recently exercised against a consumer law protection association in order to block a website which posted an article about travel to Crimea. In his opinion, there is a systemic abuse of these laws by States that needs to be resolved. Defining radicalism requires relativity to the society in which it arrives. Akil Awan, Adviser to the Special Committee on Justice Reform, reminded the panel that it is not absolute but involves transcending recognised methods and norms in a given context. Interestingly, there is a prominent fragile youth demographic enrolment in
these radical movements owing to political disenfranchisement, socio-economic inequality and the self-identification and membership that it provides. On this basis, it appears that the Internet and social media have been subverted in part as a result. Most real world activities have a digital counterpart in the twenty-first century; rather than the internet propagating the radicalisation of ideas, it is merely the new media environment known to youth who are ‘internet natives’. Questions were raised as to what can be done to fight against terrorism. After All, democracy requires tolerance of certain risks rather than working tirelessly to eradicate them completely. Panellists suggested that the dichotomy of liberty and security is somewhat abstract since both are rights of the individual. There are laws to regulate certain crimes, but also scope for public debate in order to generate ideas. Most importantly, there must be a willingness to change ideas which ought to be achieved by responding to them rather than suppressing them.
SESSION 4 PROTECTING FREEDOM OF EXPRESSION ONLINE: WHAT IS THE ROLE OF INTERMEDIARIES? Session four facilitated debate of the role of intermediaries, their methods and responsibilities as regards the protection of the freedom of expression online. Julia Powles, Legal Researcher at the University of Cambridge, acted as the moderator in this session of the conference. Robert Spano, Judge of the ECtHR, opened the discussion of the issue at hand. He began by outlining the pertinent and contemporary facts of the Delfi AS v. Estonia case. Delfi published an article on its online portal which attracted a number of contentious comments. Some of these contained death threats against the author. Delfi was asked to remove the comments and damages where claimed by the victim; the former occurred by not the latter. Damages were later awarded by the domestic court in Estonia, leading Delfi to complain to the ECtHR under article 10 of the ECHR. This complaint failed, with a ratio of 15-2 among the presiding judges.
International Focus Programme Almanac | 45
ELSA Network The ECtHR attempted to make a necessary advancement of the law in this area, though no grand assumptions can be made of its scope. Indeed, the court said this decision did not extend to forums of third party commentary or social media where no obligation is owed as regards regulation. The Delfi AS case demonstrates that the Strasbourg court follows it same fundamental principles and is an evident attempt by the ECtHR to find a pragmatic middle ground as regards the balance between articles 8 and 10 of the ECHR. Gabrielle Guillemin, Senior Legal Officer for Article 19, raised some criticisms against this decision. She argued that intermediaries should gain immunity until put on notice. Delfi removed content immediately and the case seemed uncontroversial until damages were awarded by the Estonian court. Worryingly, freedom of expression is becoming the principle that needs to be justified rather than the norm. ‘Hate speech’, ‘credible threats’ and ‘obscenely offensive comments’ do not warrant equal consideration as appears to be the case in the decision; the Court appeared to attach too much attention and credibility to the threats which were very variable in nature. It seems that article 17 of the ECHR was invoked indirectly, despite the Court’s assertion that it should rarely do so. Questions were swiftly raised as to what Delfi could have done. Robert Spano noted that the ECtHR started its analysis on the categories decided by the domestic courts, hence the lack of distinction. However, it may be that some formal notion or class mechanism ought to be outlined for future reference. The burden of the ‘take down’ system is put on the alleged victim but this should not be so; the intermediary should have responsible persons to regulate comments given their commercial benefit. Siobhan Cummisky, Policy Manager for Europe, the Middle East and Africa for Facebook, contextualised the issues in the domain of social media. She noted that the case does not apply to Facebook as the content is entirely user generated. Though there is a commercial dynamic, this was not the basis of the judgment to warrant the inclusion of social media. Owing to the mass number of visitors, there will naturally be both positive interaction and controversial interaction. This is admissible as debate is integral to a democratic society. 46 | International Focus Programme Almanac
There are standards to protect users on social media from particularly discerning content; for example, terrorists are forbidden to use Facebook. Counter-speech can often be more effective than outright removal, though, such that the worst comments are removed but not all. Independent research coordinated by Facebook suggests that counter-speech is less regular online but received greater traction. Hervé Henrion-Stoffel, Legal Counsel to the National Consultative Commission for Human Rights, highlighted the E-Commerce Directive passed on 8th June 2015 in order to demonstrate that regulation is becoming a major issue of sovereignty. He argued that companies consider that they have extra-judicial authority owing to the nature of their work. In reality, companies have an obligation to impose regulations, but as yet no such criminal accountability has been sanctioned. Questions centred largely on the need for anonymity in order to ensure freedom of expression. One submission in the Delfi AS case regarded this issue, as a defendant
ELSA Network could not be easily discerned owing to the sheer number of anonymous comments. The CoE has also discussed this question and recognised the importance of some anonymity, even though it may confer a sense of impunity, as well as pseudonymity.
SESSION 5 DECRYPTING THE IMPLICATIONS AND ASSESSING THE COSTS OF MASS SURVEILLANCE ON FREEDOM OF EXPRESSION Discussion in the fifth session of the conference revolved around the actual and potential impact of surveillance on citizens’ freedom of expression in light of principles that have been established by the ECtHR case law and protective mechanisms at the national level. The moderator in this session was Charles Amponsah, TV producer at the CoE. David Kaye, UN Special Rapporteur on the promotion and protection of the right to expression and opinion, was invited to open the debate. He began by underlining
the fact that mass surveillance and targeted surveillance are linked, though each are regarded differently by law. The latter is subject to law and proportionality, whilst the former is usually secret and law is disregarded. Both are, however, linked to article 19 of the ECHR. Any efforts to undermine encryption are therefore to undermine the freedom of expression. In his opinion, encryption technology should be used and be made more widely available to escape the stigma attached to those who are in the minority currently using it. Panellists generally agreed that targeted surveillance undermines the freedom of expression. However, Iain Cameron, Professor at the University of Uppsala, emphasised that it also undermines the freedom of association and the freedom of information. The Venice Commission attempted to answer the question of how we should and could regulate surveillance, producing a report in spring 2015 to that end. In the report, the Commission attempts to bring forward good practice through highlighting both good and bad examples. Central to this discussion is the jurisprudence of the ECtHR, as well as European Union (EU) law for member states where appropriate. Returning to the potential of encryption technology, Saša Janković, Protector of Citizens for the Republic of Serbia, suggested that it is merely a painkiller rather than a cure. Indeed, that fact that it must be used directly demonstrations the violation of article 10 of the ECHR by mass surveillance which is a mainstream practice worldwide. Further to this, Cécile de Terwangne, Professor of Law at Namur University, referred explicitly to private surveillance by private companies. Personal data on the internet is what facilitates the system. Private data communicated to intelligence services should be under a person’s control, to an extent, and under the protection of the law. The data protection system of the EU character and articles are of particular relevance to this debate as a result. Normally intelligence agencies are required to abide with the 108 Convention and its articles. The panel was questioned on what options are available to increase awareness of this topic. To restrict surveillance, it was argued that there must be tangible links to specific concrete offences in order to justify its collection. Procedural safeguards should be put in place to International Focus Programme Almanac | 47
ELSA Network ensure this foundation exists. Whether mass encryption is realistic or not was also discussed, though the general consensus was that it would be wrong to suggest encryption is the only viable and efficient option or that all other mechanisms are failing entirely.
measures which have been taken as a result. UNESCO is actively researching and highlighting the impacts on the freedom of journalists of newer technology. Finally, the UN tries to raise awareness through campaigns, drafting guidelines and creating handbooks.
SESSION 6
This work of UNESCO was contrasted with that of the Council of Europe (CoE) by Jan Kleijssen, Director of the Information Society and Action against Crime Directorate of the aforementioned institution. He noted that the CoE has a trilateral approach to their work which is comprised of standard setting, the monitoring of compliance and the facilitation of standard implementation where aid is required. Though the steering committee suggested a specialised committee for the freedom of expression, support was not so wide as to enable this. Instead, the Secretary General writes an annual report on the state of democracy in Europe with a specific consideration of this topic and his prescriptions.
STRENGTHENING OUR COMMITMENT TO FREEDOM OF EXPRESSION IN ALL CONTEXTS: POLICIES - ACTIONS - TOOLS The final panel was dedicated to policies, actions and tools that may aid European international organisations action to promote freedom of expression for all stakeholders, even in a crisis context. Jean-Paul Marthoz, Committee to Protect Journalists EU Correspondent, acted as the moderator in this session of the conference. Krisztina Stump, Deputy Head of Unit G.1 (Converging Media and Content) from the European Commission (EC), opened the discussion with reference to a new project on the mapping of journalistic and media freedom throughout Europe. The media pluralistic membersâ&#x20AC;&#x2122; tool shows not only the risks which are spreading throughout the EU but the common priorities. However, she brought attention to the fact that there is still scope for the improvement of cooperation on the platform and increased visibility of projects. The role of the EC, together with other international institutions and the media, is to support freedom of speech of media employees. Marius Lukosiunas, Program Specialist, Division of Freedom of Expression and Media Development at United Nations Educational, Scientific and Cultural Organization (UNESCO), furthered that only UNESCO has some scope to ensure the protection of journalists. In a primitive sense, the aim of UN is to ensure a free and safe environment for journalists all over the world. The organisation therefore supports all Member States as regards the implementation of relevant legal principles in order to reach this goal. Thereafter, Universal Periodic Reviews (UPR) provide a monitoring tool of press freedom, of which UNESCO monitors the media aspect by ranking states on the levels of impunity existing there. Furthermore, the report of the UNESCO Director General is the only one to condemn any and all deaths of journalists. States have to inform the Director General of 48 | International Focus Programme Almanac
MatjaĹž Gruden, Director of the Policy Planning Directorate of the CoE, furthered that the primary responsibility for creating an enabling environment lies with the government of a given State. The ultimate motivation is to trigger an active dialogue and endeavour to find solutions which require governmental willingness. A new internet platform allows the CoE to be quicker, to have more resources and to be widely accessible. It was set up with five (now seven) NGOs who can post alerts on media violations directly onto the platform. One motivation for this facility was to ensure greater visibility whilst also enabling expeditious actions and awareness; alerts are sent to the governments of offending states immediately without any previous filter in order to open an international dialogue.
ELSA Network
INTRODUCTION How did this legal research project on freedom of expression came to be is largely connected to ELSAâ&#x20AC;&#x2122;s values and goals. ELSA is an organisation aiming at improving the professional skills and knowledge Bruno Filipe Monteiro of law students and at the same International Academic Coordiimproving human rights in Euronator of the LRG 2015/2016 pe and worldwide. Legal Research Projects are, therefore, a great venue to achieve these great objectives, since law students are able to apply the knowledge they have obtained in their universities while giving back to the international community by providing much needed comparative knowledge that is difficult to obtain. It is for these very reasons that Council of Europe has continuously cooperated with ELSA in LRGs and how this new LRG came to be. Protection of journalists, their sources and whistleblowers is not a new, but it certainly is a hot topic. While these have been the subject of review by the European Court of Human Rights several times before at European level, the same cannot be said at national level. The-
re is not enough information available on how Member States implement the European standards on protection of journalists and their sources. For this reason, and building on past LRGs on freedom of expression and hate speech, ELSA has decided to cooperate once again with the Council of Europe to provide as much information possible on the current state of the art and help improve the human rights situation of journalists, their sources and whistleblowers. My experience as International Academic Coordinator has been truly rewarding. I have had the chance to get in contact with professionals, academics and students from 30 European countries while learning about the specificities of each country. This is something that I would never be able to do otherwise due to the language barrier. And this leads me to one of the main difficulties of this LRG, which is communication and understanding. The key to a successful comparative project is to ensure that you collect the same variables in all of the different countries. Otherwise comparative analysis of the information becomes impossible and you cannot draw any conclusions. While every national group had to respond to the same specific set of questions as part of the proInternational Focus Programme Almanac | 49
ELSA Network ject, it is difficult to predict how each group interpret them. This made collection of the same variable difficult in the beginning however, this is something that has been largely overcome by providing objective feedback in combination with the drive felt by each national group to give back to the international community.
effort in this project. I am also really proud of our Academic Coordinator and Academic revisor who were effortless every single second. My Linguístic Editor was also a reason why this project was worth it - she is amazing and rewrote everything she thought was not as good as it should be! I am also proud of keeping the deadlines (with a few delay - just a few hours...).
I am happy with the overall results of this project. It wasn’t easy to coordinate the work of so many national groups. Especially when taking into consideration that many of the researchers also had other work or university-related commitments while this project was running. With herculean effort, each national group did an amazing job in providing the information needed, even when national information about the topic of protection of journalistic sources was difficult to come by. Seeing the end results of each national group is definitely my proudest moment. It was great to receive the final report of each group, since it is basically the materialization of months of hard work of hundreds of students, professionals and academics. I can’t help but feel proud for each group and their quality legal reports, especially considering that it was written in English which is normally not done in many countries. I also cannot help but feel proud that I contributed to this result. When we were aware of this project, ELSA Portugal Board decided that it would be a worderful project to take part. Not only the subject is of great importance but also we found that there are many portuguese Law Students that are interested in this matter.
João Pedro Guimarães National Coordinator ELSA Portugal
The experience was as amazing as exhausting! As National Coordinator I had the hard job of coordinating 11 people, with different schedules and occupations, trying to respect the deadlines and also keeping our researchers motivated and willing to give their best all the time. I loved it and I grew in so many different areas. Definetely I spent a lot of time in this LRG but it was worth it. I am really proud of my researchers and their 50 | International Focus Programme Almanac
I chose this ELSA LRG since I was interested in the field of legal researching, and of course this looked as a quite a stunning opportunity. Also, as my studies were focused on the field of media law, the topic itself has been a key factor. Mariano Delli Santi Researcher ELSA Italy
The main difficulties I faced are linked with timing, as most of the workload was distributed during my winter exam sessions. This probably made it quite more stressful than it could have been. Being congratulated by the coordinators of my team because of my english proficiency was probably the most remarkable achievement, as during my primary education I’ve always been considered a poor english student. I was also the national coordinator and was wasn't sure if I was going to have enough time, but at the end I decided it's a great way to exercise my legal English skills and to learn more about media law, because we don't study it at university. Now I am super happy with ny choice.
Ana Petrova National Coordinator and Researcher ELSA Bulgaria
It was very challenging. The coordination part wasn't so hard, but was time consuming. The researching (because I was also a researcher) was quite intriguing, but writing was very difficult. But I'm pleased with the results so everything was worth it. As a national coordinator I'm most proud of how many
ELSA Network people I motivated to participate and also of the following national conference, where we discussed our report and were able to raiss awereness of the issue. As a researcher I am most proud of actually writing my part in the required style, because I put so much time and efforts. As I am a radio producer myself in a local radio station, journalism has pretty much taken my heart. Therefore, the topic of the LRG was particularly tempting for me. The experience was overall great. The national coordinators guided us thoroughly through the process and responded in time.
working as part of a tram enabled me to meet like-minded lawyers from my country, shared ideas and views on the topic and on wider legal issues. I am mostly proud of my determination to get involved in the project, although my schedule over that period had been quite tight in terms of time. I am also greatful for the knowledge I gained and of course the new friends I got to make, whom I am certain I will meet again in the course of my professional life in the near future.
Stephanie Efstathiou Researcher ELSA Greece
I am most proud of the cooperation I had with a fellow researcher and the overall result that came out in the end. By respecting each other's work as well as the work of all the other researcher resulted to a national report with content and substance. I chose the LGR on the protection of journalistic sources because it appears to be a particularly topical issue today. Even in Europe, we see still experience blatant violations of freedom of speech, which underpins our European Principles, Nikoletta Kallasidou so I thought that the call for LGRs Researcher on the protection of journalistic ELSA Cyprus sources came just at the right time. There were occasions in the past where the results of our findings formed the basis for the changing of legislation so I felt it was important to participate in such a project that could potentially trigger a positive impact to my county's laws. My experience was overall positive and it provided me with the opportunity to enhance my knowledge in an area of law I did was not familiar with, as my background is mainly corporate/commercial law oriented. Further, International Focus Programme Almanac | 51
ELSA Network
ELSA Law Schools on Media Law
The reason why we chose to organize a IT Law related Summer School was quite simple - IT Law chose us! In order to provide law students and young lawyers with an opportunity to gain knowledge and practical experience in various fields of Media Law and to create the platforms for academic and cultural exchange, ELSA groups organized numerous law schools all over the Europe during these 3 years of International Focus Programme. Our Law Schools are events lasting for at least a week with a minimum of a 20 hours of scientific programme, including lectures followed by workshops or any other means of more interactive learning methods, which deepen and emphasise different areas of the lecture. Many local boards organized Law Schools in close co-operation with an academic or institutional Media Law partner. The following contributions are provided by ELSA Law School Head of Organizing Committees (HoOC), who kindly agreed to share with us their wonderful experience!
We wanted to engage our best OndĹ&#x2122;ej Chylek of Organising Committee, teachers from the faculty to give Head Summer ELSA Brno Law the participants a real boost in their School on IT Law knowledge: we have an Institute for Law and Technology with a Europe wide known teacher, Radim Polcak - if it rings any bells - with his support we've been able to collect a nice team of lectures of whom we also knew will be fun and interesting. In overall, I think we have done a tremendous piece of job in Brno with my team: we stayed highly motivated despite all the tough work it took. Compared to the previous year edition, we had more foreign lecturers (even a captain from NATO!), more participants, the social program was richer and more fun and we also got 5 credits for participants On the other hand, the participants weren't as active as we and our lecturers expected so we needed to tie them up during the week. In the end they got ahead of themselves and did a great job with presentation of Case studies. Case studies are something we are really proud of - our general sponsor ROWAN LEGAL (best IT law firm in our country) dealt with start-ups that have is their cases
52 | International Focus Programme Almanac
ELSA Network to solve - so participants ended up working in the teams on solving real cases and then presented them to the respective firms and had an hour afterwards to counsel them further! We were so happy that they did something with a real impact and try out what it means to be a legal counselor.
ally wanted to make sure that our participants connected across countries - and seeing pictures on facebook of some of them still meeting and visiting each other, really ensures us that we succeeded in creating friendships across borders.
At the same time, as we tried to do the program as much practical as possible, there was a lecture at the Supreme Prosecutor office about cyber criminality and then we showed the participants the "polygon" - a physical and virtual space where security experts are able to simulate the most serious cyber-attacks and practise defence.
Cyber and Law has been a topic that followed us since the very start of our adventure as the local board of ELSA Pisa – our first event was a conference on Computer ForenSara Galassini sics and data protection during the Head of Organising Committee, trial. From that experience we unSummer ELSA Pisa Law School on Cyber&Law: Compuderstood that we wanted to explore ter Forensics and Digital Business Security this topic even further, and to give the opportunity to ELSA members to gain experience and legal skills on this inspiring law field. And then we discovered that it was also one of the sub-topics of the current International Focus Programme – it gave us even additional motivation in order to challenge ourselves with this intensive project!
If there have been a dark side in all of this, surely it was because of many parties during the nights so people may find difficulties to concentrate during the day - but it's a risk that is worth to take! The main reason for us to choose Media Law as the topic for our ELSA Law School was because it was the International Focus Programme topic. Furthermore, we knew, that we would have great oppertunities with big law firms with this topic and that if would reach out to a lot of law students. The planning of the ELSA Law School was one of the hardest events I have ever planned. It took a lot of time and there were moments where we had doubt about Romensha Dharmasena the outcome - specially because we Member of Organising Committee, didn't know, if we could fundraise Summer ELSA Copenaghen Law School on Media Law: enough. However, when the date Legal Issues of the 21st Century finally came, and our ELSA Law School began, everyone in the Organising Committee felt that it was all worth the troubles and we all had a great time. A lot of the people who helped plan the ELSA Law School of 2015 chose to join again in the making of this years ELSA Law School - so I am not the only one who felt like it was worth it at the end!
It took our days and nights – seriously. Planning the academic programme, arranging the social programme and the gala, negotiating with sponsors wasn’t simple – but there’s no single minute that we regret if we remember the time we enjoyed with all the participants. All the guys actively took part in the lectures and did their best in the Essay Competition, working together in groups and discussing how IT tools can help us in the protection of personal data, and how they can support the lawyer in the collection of digital evidences. We also invited Mr. Davico, a Risk Manager who explained the working process of “Digital twin”, a software that integrates data from many different software products, reducing operational costs for business. We wanted to teach our participants about a lot of things, but in the end they teached us even more: in that week we gained a lot of true, smart, open-hearted friends, and we miss them so much still now! All of our efforts have been rewarder by their happy smiles during the Summer School, and we can’t wait to welcome them in Pisa again!
We really used a lot of time on the project, but to be there through the week and see the outcome of our hard work, made us all really proud. Other than that, we reInternational Focus Programme Almanac | 53
ELSA Network
Nihad Odobasic Head of Organising Committee, Summer ELSA Sarajevo Law School on Media Law and Role of Media in Armed Conflicts
The Organising Committe chose the topic of "Media Law and Role of Media in Armed Conflicts" since we were looking for both actual and controversial one. This topic gave us opportunity to interdisciplinary approach during lectures, focusing on specific role of medias during armed conflicts in positive or sometimes negative way.
Our experience was more than positive, the whole Organising Committe was satisfied with results and impressions of participants at our ELSA Law School. Comparing to the first edition, I could say that results in academic and social field were much better. The fact that we had an abovementioned interdisciplinary approach during lectures made us truly proud. This can be easily noticed by look on our agenda with different lecturers, where one of them came from USA. We chose to organise a Summer Law School on Media Law mostly because it was the current International Focus Programme topic. In addition to this several members of the Local Board were into this topic and in our University there Elena Maglio of Organising Committee, is no such class. So, we thought it Head ELSA Trieste Summer School Media Law: Implications of might be a great opportunity to onmodern technology develop a topic we were interest in and to present a project that would help the students to expand their knowledge in a field not directly treated in our lessons at University.
54 | International Focus Programme Almanac
It was hard at the beginning. It was our first International event and we werenâ&#x20AC;&#x2122;t known in the city as Association. We worked a lot to present ourselves and to find sponsors and partner. It was also hard to find a way to work together and develop all our ideas. In the end we came up with this event and people liked it. We got a lot of compliments from Institutions, students, participants. More than one wrote in the feedback form that it was the best SLS they attended. Positive feedbacks encouraged as to develop a second edition. An international event like this is also a strong team built exercise. Iâ&#x20AC;&#x2122;m most proud of the work we did as team: we really grown up together. The way we managed to promote and develop this project was new for us and it introduced us to a more international perspective.
ELSA Network
A STEP forward in Media Law
A STEP traineeship is always a wonderful experience for a law student, as it allows him or her to acquire professional legal experience, learn about a different legal system and experience the culture of another country while improving language skills at the same time. During the IFP cycle on Media Law, with the cooperation of prestigious law firms, international organizations and academic institutions from all over Europe, we gave the opprtunity to our members to improve their skills on the most modern law fields - such as Intellectual Property, IT Law, freedom of expression. Here’s the personal experience of some of them!
I can highly recommend Portolano Cavallo as a first choice for the ELSA STEP Internship abroad. I'm pursuing LLM in IP Law and Information Society. As a result, the media-related legal internship was a perfect choice for me. PortoMikita Areshka lano Cavallo is an top-rate law firm STEP at Portolano Cavallo Law in every aspect of its activity. I was Firm, Rome truly surprised by people who supported me during my work, their overall knowledge and attitude to high performance in the field of intellectual property. I cannot mention any problem, except some difficulties due to the lack of the linguistic proficiency in Italian. All work was primarily in English, but, obviously, deep knowledge of local language might provide the deeper involvement in the work practice. I was engaged in numerous interesting and challenging tasks during my internship that allowed me to better understand the dayto-day legal work of the international law firm. And… one more point: besides that, you are working in one of the most amazing cities in the world – Rome, which you totally feel as a part of big family that cares about you during your journey.
International Focus Programme Almanac | 55
ELSA Network My name is Ferdinando Cuda and I had one-month traineeship in Vilnius, Lithuania at METIDA Law Firm. I decided to send my application for that Firm because it is a leading Law Firm in the field of IP Law and that is one of my areas of interest. Because of this, I had very high expectations and they have not been disappointed.
task. I approached it like a proper job application process - sell yourself but stay honest. Second advice: do your homework, choose carefully, be honest.
Ferdinando Cuda STEP at Metida Law Firm, Vilnius
Indeed, my workmates were very professional, experienced and skilled. I had the opportunity to deal widely with international work, as clients were from all over the world and I had to assist them with trademarks-related issues, patents and copyrights. My tasks consisted in filling oppositions, preparing observations, cease and desist letters, preparing case law reviews and legal researches. I also had the opportunity to study many judgments of European and International Courts and Authorities to find out the best strategies, which I found very interesting and challenging.
I've been a regular member of ELSA Sweden during my master thesis in human rights law and intellectual property rights law, and I got aware of ELSA STEP programme during my last year of master studies. I was thrilled to participate, Polina Malaja as the programme provided a reSTEP at European Digital markable selection of internship/ Rights Organization, Brussels traineeship opportunities all over Europe: law firms, non-profits, academic institutions - it seemed like a scarce chance to be selected amongst the whole European ELSAnians' network but an exciting challenge to take. First advice: don't give up, don't believe rumours, believe in your strengths. In order to apply, all you needed is to fill a respective form with the three top choices and write a motivational letter to all of them. To fill the standard form was not a biggie, to write proper motivational letters was a bit more time-consuming but if you know where you want to end up and wherein your passion lies, it's a standard 56 | International Focus Programme Almanac
Then the magic happens and you get selected. I got selected to pursue my traineeship in the European Digital Rights (EDRi) in Brussels, an organisation advocating for human rights online. It was a dream opportunity and the highlight of my professional CV, a life-changing experience. Now almost 1,5 years later, I continue working for digital rights for another non-profit. I truly believe that STEP experience in EDRi brought me where I am today: as a professional, as a citizen, and as a lawyer and an activist.
ELSA Network
Organising the Final IFP Conference on Online Hate Speech At every National Council Meeting, ELSA Norway discussed our strategic plan and which goals had been fulfilled. And every year we skipped the goal saying "ELSA Norway should organize an international event every year". Why bother discussing it? International events weren't possible to organize in a small, cold, expensive country like Norway.
in the event? Would we have enough qualified participants? I was prepared to personally convince all my ELSA-friends to apply, but I never had to. Our marketing campaign reached even non-ELSA members and we got way more applications than we needed.
Then came the call for host of the Final Conference on Online Hate Speech. The conference would conclude ELSA's contribution to Council of Europe's “No Hate Speech Movement”. ELSA had carried out a legal research project on the topic in 25 European countries, analyzing EctHR and national law on online hate speech. And now the project would be concluded with a final conference.
We actually expected crisis during the conference-week, but we only got small hiccups: Bar hopping in a mild storm (accepted by patient participants), speakers that didn’t show up (replaced by longer workshops with should/shall-discussions) and always lacking OC-members. Maybe we were lucky or maybe crisis management in advance is actually possible. I choose to believe the latter.
ELSA Norway had just elected a new national board, and though our term didn't start until August, we were eager to get started. Since European Youth Foundation, in cooperation with Council of Europe, was funding parts of the conference, we thought; it's now or never! We had a dedicated (soon to be) national board, a great partner, a starting point of funding and a serious, interesting topic.
Alisa from ELSA Switzerland once had an inspiring speech about summer law schools, and I asked; “Where do you start?” She answered; “Find that one person who has the motivation and the rest will go by itself ”. Well, I’m not saying it doesn’t take hard work, but what Alisa said is actually true; if you have a dedicated team and the will to succeed, you’ve already come really far.
Already before applying, we realized that we faced several challenges, first and foremost funding. The uncertainty made planning with a moderate budget necessary. We had to kick out all expectations about luxury and realize that this was after all a student conference. But we worried: Would the ELSA network be interested
We also had an outcome of the conference; a practical guideline on how to moderate online hate speech. The guideline was also made into a flyer and a poster. Council of Europe shared these tools, and hopefully it contributed to the overall aim to end online hate speech.
Frida Fostvedt Head of Organising Committee, Advisor of Organizing Committee Final Conference on Online Hate Speech 2013
I think it was the topic and the academic program that attracted participants. Putting together a 5-day agenda with 20 speakers and wide range of topics takes loads of research and hard work. But with a good academic team and an external academic advisor, it’s possible.
International Focus Programme Almanac | 57
ELSA Network
Mid-IFP Conference on Freedom of Expression in Zagreb
Applying for the hosting of the Mid-IFP conference: Freedom of Expression has been a natural step for ELSA Zagreb. Why is it so? It is an interesting fact, that the proposal for Media Law to be the new IFP topic came from ELSA Zagreb. So Vedran Stanković from the very beginning there has Vice President fot STEP of ELSA International 2015/16 been a special connection between Head of Organizing Committee, the Media Law and ELSA Zagreb. Mid-IFP Conference 2014 And when it entered the implementation phase, we wanted to contribute even more to raising awareness of the topic and educating law students about it. Besides that, we’ve had a long experience of organizing similar academic events, on both national and international level, of exploring the topic of human rights, and we’ve always strived on organizing new, interesting and big projects with high academic value. That’s how we applied, and were appointed as the hosts of the Mid-IFP conference. The conference itself was a big success. We hosted 60 participants from 24 different countries. We also hosted 10 speakers from 3 different countries, and different fields of work for an interdisciplinary approach. The idea behind the topic was to explore the area of freedom of expression, both as such and in a relation to hate speech, protection of information and right to be informed. We covered the topics of reporting human rights, censorship and the influence of online actions on the youth. The focus of the academic programme was on its interactivity and active involvement of the participants, 58 | International Focus Programme Almanac
as well as with a view to have an outcome of the event, a memorandum that would give an overview of the most recent developments of the freedom of expression and its limitations. Having all this in mind - the experts, interdisciplinary, interactivity and internationality - we can proudly say that the aim of having a project of high academic value, raising awareness of the topic and contributing to legal education, has been achieved. Not less important are the human resources behind the conference. The whole Organizing Committee worked very hard and was glad to host such a notable event and its participants. It is an experience that we will never forget, and the skills and knowledge that we have acquired, as well as the contacts that we have established, are invaluable. Besides the satisfaction of contributing to legal education in Europe, we have also found the opportunity to develop ourselves. Speaking both on behalf of ELSA Zagreb and personally, this is the project that I’m the proudest to have organized. I would repeat everything again, and I would encourage everyone to organize similar project themselves. This project is for me what ELSA is about and why I joined and love this association – contributing to legal education, raising awareness of the important topic in the society, providing the opportunities for law students and young people to personally and professionally develop themselves, and bringing different people together in the spirit of respecting human dignity and cultural diversity.
ELSA Network
Final IFP Conference on Media Law in Trieste
From 16th to 21st May 2016, Trieste was the breathtaking setting of The IFP Final Conference. The Concluding Conference was the main event the International Focus Programme on Media Law consisted of and took place at the end of Elena Maglio a three-year implementation period. Head of the Organising Committee of the Final IFP Conference It played an important role in summarizing the results of the whole project, as well as representing the starting point of the IFP to come. The Conference was supported by the Youth Foundation of the Council of Europe.
Synergy and interaction are probably the best words to convey what the IFP Concluding Conference was all about. Active and non-active members experienced firsthand how exchanging ideas and perspectives can make the difference in achieving the goal of fostering progress and increasing awareness: we are all different, but as long as we work together, we can make our voice count and play an active part in building a â&#x20AC;&#x153;just worldâ&#x20AC;?.
The meeting was attended by officers and members from all over Europe, seeking inspiration and willing to play a part in outlining future ELSA improvements. Five full working days, with English-taught lectures, workshops, panel discussions and trainings, helped the participants gain an insight into the scientific achievements resulting from the project. The most controversial aspects of Media Law were explored by highly qualified lecturers with different backgrounds: cultural diversity enabled speakers and participants to compare all their different ideas and played a major role in achieving the goal of highlighting the benefits of cooperative work and interaction. ELSA officers had sessions on the most important events on Media Law of the network. International Focus Programme Almanac | 59