BoF: ‘European Commission wants to get rid of encryption’

If it is up to the European Commission, companies must do everything possible and impossible to monitor internet users. This means, among other things, that providers of chat applications must devise a way to circumvent end-to-end encryption. Every company has to decide for itself which technological solution it wants to use. The bill has yet to be presented, but already threatens to turn out to be “disastrous”.

So writes Rejo Zenger, policy advisor at Bits of Freedom, in an opinion piece.

Major concerns about the European Commission bill

Today the European Commission presents a bill to tackle the sexual exploitation of children. Although the plans are not yet final, there are already a lot of rumours about the content on the internet.

One of the aspects presumably mentioned in the proposal is client-side device scanning. This means that technology companies remotely scan mobile phones and other devices for child pornographic images or other forms of child abuse. Privacy experts are very concerned about this, VPNGids.nl wrote earlier today.

According to Zenger, the European Commission wants to force companies to look over the shoulder of internet users. If they suspect the possession or distribution of child pornography material, they must remove this information or report it to the police. But it goes even further, according to the policy advisor. “Internet service providers can also be ordered to monitor their users’ internet traffic.”

Eavesdropping on users

The European Commission does not know exactly how companies should do this. And that can create worrying scenarios. Take an application like WhatsApp. This shields messages with end-to-end encryption. This allows only the sender and receiver to read messages. Even WhatsApp does not know the content of the chats.

The only way for WhatsApp to bypass end-to-end encryption and read users’ messages is to install spyware-like software. “For the sake of convenience, the Commission leaves that decision to the platform,” said Bits of Freedom. The day-to-day management of the EU thus gives the impression that it wants to get rid of encryption.

‘Sooner or later things will go wrong’

Zenger says he may sound a bit pessimistic. After all, safeguards have been built into the bill to protect the privacy and security of users. For example, an order to wiretap customers may only be issued if existing measures are insufficient. The order must also be proportionate: if the negative consequences for those involved outweigh what the order is trying to achieve, it may not be issued. So you could conclude that installing spyware is too much of an invasion of users’ privacy.

“But the proposal also says: ‘The choice of technology is up to the company, as long as the requirements of this law are met,’” cautions Zenger. “Based on the leaked proposal, that is coffee grounds. Unfortunately, our many years of experience teaches us that you should interpret legislative proposals in their worst reading. What can go wrong, will go wrong sooner or later.”

He fears that police or other law enforcement agencies could order providers to block Internet access to specific pages.

Bill promises to be ‘disastrous’

Zenger thinks we can prepare for “one of the most emotional political debates in European politics”. In his view, the bill is damaging to trust in our digital communication. In addition, it is linked to a socially sensitive subject: tackling and combating child abuse. “It will be the debate in which rational arguments, even more than usual, will be defeated in favour of the gut,” fears the policy advisor.

The bill promises to be “disastrous” anyway. “The European Commission is depriving companies of any incentive to make their service more secure. That could be interpreted in the current political debate as a step against the purpose of this law. As a step that is not against the sexual abuse of children. No company wants to be in the limelight like this,” argues Zenger.

Addressing the problem of child abuse requires a broader view, according to Bits of Freedom. “The European legislator must therefore focus on other measures. For example, streamlining cross-border criminal investigations, strengthening cooperation between different services and eliminating the enormous backlogs of the vice squad,” Zenger concludes his contribution.

EU condemns Russian cyber attacks on Ukraine

The European Union accuses Russia of carrying out “malicious cyber activities” against Ukraine. One specific attack, the one against the satellite network KA-SAT, has been strongly condemned. Member States are considering taking further steps to stop Russia.

This is stated in a press statement from the European Council, which includes the heads of government of all 27 EU countries.

‘Significant impact’

According to the Council, the cyber attack on the satellite network took place one hour before the invasion of Russian tanks in Ukraine on 24 February. The government leaders suspect that Russia carried out the attack to facilitate the invasion. The digital attack is said to have had a “significant impact” because communication was disrupted. Not only companies and users in Ukraine were affected by this outage, but also those in other EU Member States.

The European Council therefore strongly condemns Russia’s attack on the satellite network. “This unacceptable cyberattack is yet another example of Russia’s continuing pattern of irresponsible behaviour in cyberspace, which was also an integral part of the illegal and unwarranted invasion of Ukraine,” the Council said.

The Council emphasizes that Russia’s behaviour goes against all expectations that members of the United Nations (UN) have. States must demonstrate “responsible behaviour” both in the physical world and in cyberspace.

Security of European citizens at stake

The Russian cyberattacks target, among other things, the vital infrastructure of Ukraine, the Council says. It refers to the attempt by Russian hackers to shut down the Ukrainian electricity network. A ‘military hacking team’ – believed to be the Russian hacker group Sandworm – attacked a Ukrainian energy supplier to stem the tide of the Russian invasion. Cybersecurity experts managed to repel the attack.

The European Council is concerned that attacks on the vital sector are spreading to other countries and have “systemic consequences”. This threatens the safety of European citizens. The EU will not let that pass.

“The European Union, in close cooperation with its partners, is considering further steps to prevent, deter, deter and address such malicious behaviour in cyberspace,” the press release said. The Council pledges to continue to provide financial and material support to Ukraine to increase cyber resilience.

Hundreds of cyber attacks by Russian state hackers

It is the first time that the European Council has spoken out so strongly against Russia. The EU has pointed out the dangers of cyber-attacks on more than one occasion. Making Russia directly responsible for the attacks was, politically, a step too far. However, it emphasized that the attacks were carried out from Russian territory. The Kremlin has always denied having anything to do with these attacks.

Research by Microsoft shows that Russian state hackers have been responsible for hundreds of cyberattacks since the war broke out. According to the American hardware and software company, there are at least 237 attacks. The hackers also spread disinformation in the hope that confidence in the Ukrainian government would decline. Finally, Microsoft saw “limited espionage activities” involving NATO member states.

The Google Threat Analysis Group (TAG) recently reported that Russian state hackers in particular are increasingly carrying out attacks. This mainly involves spam and phishing campaigns to obtain usernames and passwords from Eastern European politicians, government officials, journalists and NGOs. TAG also saw that Chinese state hackers more often target Russian targets.

Clearview stops selling facial recognition technology to businesses

Clearview AI promises to no longer sell its facial recognition technology to commercial parties in the US. The company may still provide its services to investigative authorities and governments. The American Civil Liberties Union (ACLU) sees the settlement as a victory.

The interest group reports this on its website.

Clearview AI is an American company engaged in the development of facial recognition technology. Over the years, the company has built a database of more than ten billion facial profiles. To set up this database, it used scraping software. This is a program that automatically visits public sources on the Internet and collects profile pictures and associated information. A proprietary facial recognition program then builds a facial recognition database.

For a fee, investigative and enforcement authorities worldwide are allowed to use the search function of the database. In the US alone, there are more than 2,400 agencies that do that. For example, the FBI used the software to identify and track down rioters who took part in the storming of the Capitol. The director of the intelligence service found the use of this technology justified in this case.

Clearview’s technology was reportedly also used by the police in the Netherlands. Sander Dekker, the then Minister for Legal Protection, denied that. “Using Clearview is incompatible with legal provisions and violates our fundamental rights. The collection and processing of personal data for the purpose of criminal proceedings must be aimed at a concrete purpose, must be based on the law, and must comply with the principles of proportionality and subsidiarity. And this must be possible to monitor,” Dekker wrote in a letter to the House of Representatives.

Facial recognition technology is a civil rights violation

Opponents and critics have been very concerned for years about the way Clearview AI works. They believe that the company’s facial recognition technology violates the privacy of citizens. In addition, facial recognition can lead to discrimination, racial inequality, mass surveillance and ethnic profiling.

Major US tech companies such as IBM, Amazon and Microsoft have therefore discontinued or restricted the use of facial recognition technology. They are waiting for politicians in Washington to introduce legislation that provides more clarity about the application possibilities.

ACLU and Clearview reach settlement

The ACLU decided not to wait for that and went to court. In the indictment, the US civil rights organization demanded that Clearview AI stop selling and freely distributing its facial profile database to commercial parties within the US. Clearview pledged in court to heed this appeal.

Furthermore, the company will not offer its services in the state of Illinois for the next five years. In the other states, Clearview is allowed to do business with the federal government, government agencies and investigative services. In addition, Illinois residents may opt out and have their face removed from the company’s profile database. The settlement states that Clearview is earmarking $50,000 to serve ads for this opt-out opportunity.

ACLU is happy with the settlement. “By requiring Clearview to comply with Illinois’ groundbreaking biometric privacy law not only in the state but nationwide, this settlement demonstrates that strict privacy laws can provide real protection against abuse. Clearview can no longer treat people’s unique biometrics as an unlimited source of profit. Other companies would do well to take note, and other states should follow Illinois’ lead by enacting strict biometric privacy laws,” said a civil rights activist.

Clearview violates European privacy law

Other European countries are also concerned about Clearview AI. Regulators and privacy organizations from France, Italy, Greece, Austria and the United Kingdom jointly filed a complaint against the company last year. They believe that Clearview is violating European privacy rules by collecting biometric data from European citizens on a large scale and in an automated manner. No explicit permission has been given for this and there is no legal basis. Furthermore, Clearview AI is not transparent enough about what it does with the collected data and the company does not comply with the principle of data minimization.

“Clearview’s technology and its use are causing damage that European data protection law was supposed to remedy. Privacy International, therefore, calls on regulators to take coordinated enforcement measures to protect individuals from these highly invasive and dangerous practices,” Privacy International wrote in a press statement.

European member states impose multimillion-dollar fines on Clearview

The Italian regulator imposed a fine of 20 million euros on Clearview in March this year. The privacy watchdog concluded that the company unlawfully collected and processed biometric data and location data of Italian citizens. The company also violated European privacy laws and was not open and honest about its data collection practices.

The Information Commissioner’s Office (ICO) fined Clearview AI £17 million at the end of last year for violating UK privacy rules. Regulators from France, Sweden, Germany, Canada and Australia ordered the company to stop collecting photos of citizens and to delete photos already in the database.

Head of Spanish secret service fired for using Pegasus

Paz Esteban, the head of the Spanish secret service CNI, was fired today. Last week, she admitted that the service has tapped mobile phones belonging to Catalan politicians, activists and lawyers. For this, the service used the controversial espionage software Pegasus.

This is reported by the Spanish newspaper El País.

Pegasus used to eavesdrop on Catalan and Spanish politicians

Pegasus, an eavesdropping program developed by the Israeli NSO Group, has been gripping Spain for several weeks. Last month it was announced that the software had been used to eavesdrop on dozens of Catalan politicians. Members of the European Parliament, activists, journalists and civil society organizations have also reportedly been under surveillance with Pegasus. All of this happened between 2017 and 2020. It is rumoured that the Spanish government ordered it.

The scandal is bigger. Félix Bolaños, Spain’s presidency minister, told a news conference last week that President Pedro Sánchez and Defense Secretary Margarita Robles were secretly wiretapped with Pegasus last year. “It’s not an assumption, these are very serious facts,” Bolaños said. He ordered the Spanish judiciary to investigate the “unlawful and unauthorized operation”.

Spanish media reported that more than 2.6 GB of information was stolen using Israeli spy software. Whether that is the case and what data was stolen has not been confirmed by the government.

‘A major failure of the CNI’

Paz Esteban appeared several times before an inquiry committee of the Spanish House of Commons after the wiretapping became known. There she was interrogated and questioned about the wiretapping for hours. Then she admitted that espionage activities had taken place under her leadership. She had not informed the Prime Minister or other ministers of this.

“The past two weeks have in themselves been a major failure of the CNI, which should remain under the radar and not be the topic of conversation,” a member of the government summarized over the weekend. The ministers unanimously decided that Esteban could no longer remain as head of CNI.

‘Strengthening the Secret Service’

Secretary Robles announced the news of her resignation today. In her speech, she thanked 64-year-old Esteban for her commitment to the fight against terrorism. “It is necessary to strengthen the secret service and take a step forward and modernize (…) Today we take another step to defending Spain against the attacks coming from different parts of the world,” Robles said, defending the decision to dismiss Esteban.

According to the Spanish newspaper El País, it was difficult for Robles to fire Esteban. She was the one who openly supported her appointment as Director of the Secret Service. And now it’s Robles of all people who has to kick her out. During her speech, Robles said that it was not a resignation, but “a replacement”.

Esteban’s successor is Esperanza Casteleiro, the State Secretary for Foreign Affairs.

AVG Foundation launches AVG OK vignette

AVG OK, that is the name of the quality mark that the AVG Foundation is launching today. With the vignette, the foundation wants to assure citizens, companies, customers, employees and members that an organization handles personal data properly. If it is up to the foundation, the quality mark is the prelude to an official AVG certificate.

The AVG Foundation informs VPNGids.nl about this.

Too many privacy complaints and data leaks

The AVG OK vignette is urgently needed, according to the foundation. In practice, it appears that many companies, organizations and authorities do not take the protection of private data seriously enough. The annual figures of the Dutch Data Protection Authority prove this. The regulator recently reported in its annual report that it received 24,866 reports of data breaches last year.

The number of privacy complaints did drop from 25,590 to 18,914. This decrease is probably due to the fact that it takes the privacy watchdog six months and more to process a complaint, which may deter Dutch people from reporting a privacy breach.

The Dutch Data Protection Authority imposed a fine 11 times last year for violating the General Data Protection Regulation (GDPR). The tax authorities received the highest fine for unlawfully processing nationality data of people who applied for childcare allowance.

‘Many companies do not have their GDPR in order’

The Dutch regulator checks whether companies comply with European privacy legislation. Another important task of the privacy watchdog is providing information. Anyone with questions about privacy-related matters can turn to the AP for free advice. Employees also organize information evenings on the subject.

What the Dutch Data Protection Authority does not do is hand out quality marks or certificates. According to the AVG Foundation, this is a major shortcoming. That is why the foundation itself is introducing a quality mark today: the AVG OK vignette. “People want to be able to assume that organizations handle their data with care,” says Maarten Roelfs of the AVG Foundation.

He continues his story. “Unfortunately, there are still many companies in the Netherlands that do not have their GDPR in order. Our vignette was created for companies that do comply with the legislation; they can use the vignette on their website to demonstrate that they take privacy seriously and that they invest time and resources in it.”

Roelfs emphasizes that the AVG OK quality mark is not an official AVG certificate. If it is up to him, it is a precursor to an official quality mark from the Dutch Data Protection Authority.

Great need for AVG quality mark

The AVG foundation says that the need for an AVG quality mark is great. The foundation works with 180 industry and professional associations that support the AVG-OK vignette. One of those parties is the travel industry organization ANVR. “ANVR companies are travel organizations that handle a lot of important personal data with great care. We are therefore pleased with the AVG OK vignette so that our members can also make this known to their customers in an objective manner,” says Frank Radstake, responsible for Consumer Affairs at ANVR.

The AVG Foundation manages the AVG OK vignette and checks whether the applicant meets all the requirements set by European privacy legislation. If everything is in order, the company or organization submitting the request will receive the seal of approval. In order to get privacy in order outside the program as well, the foundation also works together with market parties.

US college closes doors after cyber attack

Lincoln College in the US state of Illinois will close its doors for good from May 13. A cyber attack that took place at the end of last year is an important reason for this. The corona pandemic also had a major impact on the finances of the educational institution.

The American college announces the sad news in a press release.

Lincoln College sees record number of applications

Lincoln College has a long and rich history. The school was founded in 1865 and went through all kinds of difficult times. The board cites the economic crisis of 1887, the great campus fire in 1912, the Spanish flu of 1918, the economic depression of the 1930s, the Second World War and the global credit crisis of 2008 as examples.

The educational institution managed to overcome all these hardships. In the fall of 2019, the school even faced a record number of student registrations. All student rooms on campus were packed. The school prospered and there was no indication that the tide would turn.

Corona pandemic worsened financial position

However, that happened at the beginning of 2020, when the corona pandemic broke out. That had “a dramatic impact on recruiting and fundraising efforts, sporting events and all activities of campus life,” writes David Gerlach, president of Lincoln College.

The outbreak of the coronavirus meant that the school was faced with investments and high costs to ensure the safety of students and staff. The number of new students enrolled also fell. They decided to postpone their studies, leaving the school in a dire financial position.

Cyber attack proves fatal blow to Lincoln College

The proverbial straw that broke the camel’s back was the cyber attack that took place at the end of 2021. As a result, all admission activities for students were made impossible. Also, researchers and students did not have access to research data. The attack left a blurry picture of the enrollment forecast for the fall of 2022. “All systems required for recruiting, retention and fundraising were rendered inoperable,” the press release read.

No personal data was stolen during the cyber attack. The repair work took several months. It was not until March 2022 that all systems were fully restored. Then the board saw that the number of registrations had fallen sharply. The only way to get through the current semester was through donations or a partnership.

The educational institution says it has done everything it can to get its finances back in order. Fundraising campaigns have been set up, assets sold and costs saved. “Unfortunately, these efforts have not resulted in a long-term viability of Lincoln College in the face of the pandemic,” the press statement said.

‘Had an impact on the world’

Gerlach says he regrets the decision. “Lincoln College has been helping students from around the world for more than 157 years. After all, the loss of history, careers and a community of students and alumni is complete,” said the chairman. “While we have undeniable grief and sorrow, we find comfort in knowing that Lincoln College has served generations of alumni who have undoubtedly made an impact on our world.”

Colonial faces $1 million fine after ransomware attack

Colonial Pipeline may face a fine of nearly $1 million. After inspection, the regulator finds that the American oil company has probably violated several safety guidelines. Colonial can challenge the fine.

The Pipeline and Hazardous Materials Safety Administration (PHMSA) reports this in a press statement.

Colonial Pipeline CEO Pays $4.4 Million in Ransom

In May 2021, Colonial Pipeline was the news of the day. The petroleum company was the target of a ransomware attack. Hackers penetrated the company’s corporate network and were able to install ransomware. As a result, the oil company was forced to temporarily shut down production.

The attackers also managed to get hold of 100 GB of sensitive company information. They managed to steal names, contact information, dates of birth, copies of identity documents and health data of employees. Financial records, tax bills, insurance papers, reports and audits were also stolen.

Because tens of millions of Americans depend on the petroleum supply, the company decided to pay the hackers $4.4 million in ransom. “I realize it is a controversial decision. I didn’t take that lightly. I didn’t feel comfortable watching the money flow to the perpetrators. I did it in the national interest,” CEO Joseph Blount said in an interview.

Hackers managed to infiltrate network with leaked password

An investigation by cybersecurity company Mandiant showed that the hackers – believed to be members of the Russian hacker group DarkSide – had no access to critical parts of the IT systems. The perpetrators used a password from an employee’s VPN account to infiltrate the company’s network. It was leaked over the dark web. The account was not protected with two-factor authentication (2FA).

Colonial Pipeline restarted production on May 13. In August, the oil company sent 5,810 letters to people whose private information had been stolen. “We take our obligation to protect personal information very seriously and point it out to you so you can take steps to help protect yourself,” the chief executive promised in the letter.

Regulations are there for a reason

The story may have another twist. From January to November 2020, the PHMSA conducted an inspection to study Colonial Pipeline’s procedures and records. This shows that the oil company probably violated various safety regulations. For example, the company did not have a roadmap for manually shutting down and restarting the pipeline system. As a result, the ransomware attack could get so out of hand.

The PHMSA notified Colonial Pipeline of the violations. The regulator believes that a fine of $986,400 is appropriate. “The 2021 Colonial Pipeline incident is a reminder to all of us that it is imperative to comply with regulatory standards designed to mitigate risk to the public,” said PHMSA Deputy Director Tristan Brown.

Colonial Pipeline can challenge the fine and appeal the sanction. Whether the company actually does that is unknown. The oil company has not yet responded to the fine.

No diplomatic response after attacks on transport sector

The government is not taking any diplomatic or legal action in response to the ransomware attacks on the Dutch transport and logistics sector. The attacks are most likely committed with a criminal motive. It is also difficult to identify the culprit with certainty.

So writes Minister of Foreign Affairs Wopke Hoekstra in a letter to the House of Representatives.

European countries target of series of cyber attacks

At the end of January and the beginning of February of this year, several ransomware attacks took place in the Dutch and European transport and logistics sector. In a week, 17 storage depots of petroleum, gas and other chemical products in the Netherlands, Belgium and Germany were hit by digital attacks. Port cities and storage depots such as Amsterdam, Rotterdam, Terneuzen, Antwerp and Ghent were the targets of hackers.

Loading and unloading was delayed due to the cyber attacks. In order not to endanger the oil supply, the German branch of Shell was forced to temporarily divert the oil supply. According to a spokesman for the storage terminals of Evos, the supply of petroleum and other fuels was not in jeopardy.

Swissport was also hit by hackers. The attackers shut down part of the international IT infrastructure. The Swiss aviation service provider was able to continue to offer its ground services, but travellers on international flights were affected by delays. Broshuis, a Dutch company specializing in special and container transport, was also the target of a ransomware attack.

No coordinated attack

All in all, cyberattacks caused a lot of headaches. Not only at the companies themselves, but also in political The Hague. During the ‘International Cyber Security’ Commission debate, which took place on Wednesday 13 April, Sjoerd Sjoerdsma (D66) asked critical questions about the attacks. He wanted to know from Minister Hoekstra (Foreign Affairs) whether the attacks could be traced back to Russia. He also inquired about the diplomatic or legal response the Netherlands has given to the attacks.

Minister Hoekstra has answered Sjoerdsma’s questions in writing. He refers to the response of the National Cyber Security Center (NCSC) to the events. The agency cannot determine with certainty that there was a coordinated attack. “The attacks were probably committed with a criminal motive,” the minister wrote.

Thus, according to Hoekstra, there was an “insufficient basis” for a diplomatic or legal response. “Factors that play a role in decision-making about this include the impact and nature of the attack and the degree of certainty with which the perpetrator of the attack can be identified,” he writes.

‘The situation could be different tomorrow’

The Minister of Foreign Affairs also discusses the possible cyber threat against the Netherlands as a result of the war in Ukraine. Minister Hoekstra emphasizes that the NCSC has been closely monitoring cybersecurity-related developments since the start of the Russian invasion. “At the moment there are no concrete indications that targeted digital attacks have taken place on the Netherlands,” said the minister.

In doing so, the minister is repeating the position that the NCSC provided at the end of March. According to the NCSC, no major, advanced cyber-attacks have occurred to date that have an impact on the Dutch infrastructure. That does not mean that these cannot still be carried out in the near future. “The situation may be different tomorrow; we do not rule out attacks and their possible consequences on the Netherlands,” the NCSC warned.

Personal data of 21 million VPN users leaked

The private data of 21 million VPN users is offered for free on Telegram. In total, this concerns 10 GB of data. The hackers may be holding back some of the stolen data.

VPNmentor reports this.

Data from free VPN providers

The database with all personal data was published on Saturday 7 May via a Telegram channel. This is a SQL dump of 10 GB in total. According to the tech site, the dataset consists of 21 million rows, which means that 21 million users are affected by the data breach.

Names, usernames, email addresses, country of origin and financial information have been leaked. This applies to both regular users and members with a premium subscription. Finally, password strings have also been leaked. The passwords are secured, which makes cracking them more difficult, but not impossible.

The data comes from users of GeckoVPN, SuperVPN and ChatVPN. These are all free VPN providers. Curious about the best free VPNs of the moment? Then read our overview, where we take a closer look at our favourite free VPN providers.

Perpetrators may be withholding information

It is not the first time that we write about the stolen private data of VPN users. In March 2021 (presumably the same) data was already put up for sale. At that time, it was about the same data from the same VPN providers. The big difference with now is that the data has been dumped in a Telegram channel and everyone can download the dataset for free.

VPNmentor says there are indications that the perpetrators may not have released all the stolen information via Telegram. Research from the site shows that 99.5 per cent of all email addresses came from Gmail. That is a significantly higher share than is normal in a data breach. So the hackers may have even more stolen data.

Free or paid VPN?

Choosing a free VPN sounds tempting, but as the example above shows, that is not always a wise choice. If you value your privacy, a paid VPN subscription is a better idea. VPN providers that charge customers a monthly fee for their services almost always have better logging and privacy policies. Providers like NordVPN or Surfshark do not keep logs of users’ internet activities.

Free VPNs also have other drawbacks. The number of VPN server locations of free providers is often limited. Not only do they often have fewer servers, they are also often located in a handful of countries. The chance that you will find the right VPN server is therefore a lot smaller. You don’t have to worry about this with paid VPN providers. They often have thousands of servers in dozens of countries.

Another disadvantage of a free VPN service is that a data limit is often imposed on you. In practice, this is often so small that you barely have enough data to watch your favourite movies and series via a streaming service. To ensure network stability, free VPN providers also limit your internet speed.


BoF sees no merit in European Commission bill against child pornography

Bits of Freedom is not in favour of the child sexual exploitation bill that the European Commission is likely to announce this week. The interest group is afraid that conversations will no longer be confidential. It has therefore sent a letter to the executive board of the EU, requesting that parts of the proposal be deleted.

So writes Rejo Zenger, policy advisor at Bits of Freedom, in an opinion piece.

Legislation must be ‘effective and sustainable’

The sexual exploitation of children and the distribution of child pornographic material is a major problem that needs to be curbed. The interest group is firmly convinced of this. It is important in this battle that the legislation is “effective and sustainable”. This means that policymakers should not come up with laws and regulations that try to prevent this at all costs.

That’s exactly what Bits of Freedom is afraid of. The European Commission is likely to present a bill this week to combat the distribution of child pornography and tackle the sexual exploitation of children.

One of the things in the proposal is that platforms such as WhatsApp and Telegram will be forced to monitor all of their users’ chats. This is also called client-side device scanning. If they find anything suspicious, they should report it to the police.

For these reasons, BoF sees no merit in the European Commission’s plans

Zenger emphasizes that the idea of the European Commission is noble. At the same time, he thinks it’s a bad idea. He puts forward three reasons for this.

Firstly, there is no independent research into the effectiveness of the type of technology envisaged by the Commission. “The figures available are vague and from WC Duck itself. That is undesirable because it means that we are investing in an unproven technology – with all the associated risks,” says Zenger.

The policy advisor of Bits of Freedom calls constantly looking over the shoulders of users a general obligation to monitor. “That is against European rules and sooner or later European judges will declare such a law invalid. That makes such a measure anything but sustainable.”

Finally, client-side device scanning detracts from end-to-end encryption. End-to-end encryption is all about ensuring that only the sender and receiver can read your messages. Governments, security services, police and other investigative authorities cannot view these. This also applies to tech companies that offer these chat applications.

‘Breach of the right to privacy can never be proportional’

In his letter to the European Commission (PDF), Zenger writes that a general monitoring obligation is anything but sustainable and effective. “The infringement of the right to privacy can never be proportionate. And that is all the more relevant at a time when every aspect of our lives is becoming increasingly digital and the importance of a secure digital infrastructure is only increasing. The social costs of the measures in the proposal are therefore enormous. In our democratic society, it is not appropriate to take measures at all costs.”

He therefore calls on the European Commission not to introduce parts of the bill. That is not to say that the Commission should sit on its hands. “Tackling the problem requires a broader view. The European legislator can focus on streamlining cross-border criminal investigations, increasing investigative capacity, better sharing knowledge and skills and taking more preventive measures that make young children more resilient. These kinds of solutions are not controversial and at least as effective,” said Bits of Freedom’s policy advisor.

EOKM receives hundreds of thousands of reports of online child abuse

The Online Child Abuse Expertise Agency (EOKM) recently showed that the sexual exploitation of children on the Internet is a major problem. In its recently presented annual report, the organization wrote that it received more than 400,000 reports of (possible) child abuse last year. More than half of these reports (57 per cent) came from the Netherlands.

Half of the reported footage was found in the cloud. According to the EOKM, this is a new and worrying trend. According to Dutch law, the cloud environment is a private environment. Researchers from the expert bureau are not allowed to assess images that come from there. What the organization does is pass the URLs to the hosting company. It is then up to this party to remove any illegal footage.
