06.17.15
Posted in Europe, Patents at 3:30 am by Dr. Roy Schestowitz
Summary: EPO abuses are attracting more political attention, leading to complaints and concrete steps/actions. Articles continue to come, highlighting more of them.
A YEAR ago staff of the EPO complained, but the media did not and politicians certainly did not. The landscape is profoundly different right now because any European politician who follows the press must know about the EPO scandals and utter lack of oversight. Here is a very detailed and helpful summary from Merpel, reporting on what has happened this year (so far). “The social reform programme is being pushed through,” she wrote, “just as Mr Battistelli announced at the end of 2014. However, given that Mr Battistelli has refused to authorise a full complement of staff representatives on the committee that oversees such proposals, it’s hardly surprising that the 10 loyal managers voted his proposals through over the heads of the 9 staff members and an empty seat.”
Battistelli continues to run an authoritarian and oppressive regime. Anyone who does not agree with him will likely find his or her way out and anyone who dares to speak about Battistelli and his cronies negatively behind their back will most likely be accused of “defamation” (that’s what Battistelli calls facts). We have covered some of the facts for nearly a year now and we cataloged everything chronologically. There will shortly be another summary from us, it’s just that things are moving too fast at the moment (this month has been the busiest, with the highest volume of posts on this subject). It’s too dynamic to be worth documenting or summarising just yet.
“In a well attended General Assembly,” writes SUEPO, “staff of the EPO adopted a resolution to be sent to Heiko Maas, Federal Minister of Justice and Consumer Protection. The letter informs Heiko Maas of the investigation of staff representatives and/or union executives by the company Control Risks during the trilateral talks on union recognition.” (source: “Letter to Heiko Maas, Resolution adopted by staff of the European Patent Office” at suepo.org)
Here is the letter [PDF]
in German. Translations would help expand the scope/reach of this letter, so we invite readers to help.
“Letter to EU commissioner Elzbieta Bienkowska,” says SUEPO, was also sent. It was sent to the “JURI committee and the Members of the Policy Department C (Citizen’s Rights and Constitutional Affairs) of the EU Parliament.”
Here is the letter [PDF]
as HTML, excepting the annexes and other material which was published here before:
To,
the Commissioner ElZbieta Biefikowska,
the JURI Committee, via Pavel SVOBODA
(Chair) and,
the Members of the Policy Department C (Citizen’s Rights and Constitutional Affairs) of the European Parliament, DG Internal Policy, via Dr Udo BUX (Department administrator)
All by e-mail
Amsterdam, 12 June 2015
Our ref. –
Your ref. –
Direct tel.nr: (020) 344 62 15
Direct faxnr: (020) 344 62 01
Re: “The European Patent Office State of Play — In depth analysis for the JURI Committee”
Dear Ladies and Gentlemen,
As counsel of the Staff Union of the European Patent Office (SUEPO), we would like to ask your attention for the following.
SUEPO has read the above-mentioned document with interest. Please allow us, however, to complete the picture portrayed in the report with the following considerations.
While the EPO is undoubtedly capable of providing the EU with valuable services in respect of the Unitary Patent, there are serious concerns that its internal structure does not meet the standards of transparency and labour
____________
1 http:/www.europarl.europa.eu/RepDat2/etudes/IDAN/2015/519208/IPOL IDA(2015)519208_EN. pdf
12 June 2015, page 2
conditions which the EU institution expect of themselves. This project will be in jeopardy if it relies on a system in violation of fundamental human rights and on deficient labor conditions, and if staff performing quasi-judicial work does not enjoy internationally acceptable and agreed legal standards. Let us explain this.
1.On 17 February 2015, the Dutch Court of Appeal in The Hague2 found that the EPO is in breach of fundamental rights, relating to the staff union’s freedom to operate and bargain. The EPO has however refused to remedy the situation. While formally claiming immunity from execution, the President of the EPO has suggested that the Judges of the Dutch Court of Appeal are ignorant and incompetent. In line with this attitude, the EPO has systematically turned down requests for professional mediation to restore social peace. All of this should be seen as an alarm signal about the way the Rule of Law is perceived by the top management and the Administrative Council of the EPO.
2.Another example of deficient labor conditions and the EPO’s far reaching use of powers, is the organisation ́s commissioning of an external company, Control Risks, to carry out investigations and interrogations on elected staff representatives and union officials who voice criticism of the management policies of President Battistelli (Annex 2).
3.Furthermore, according to a recent press report (Annex 3), the EPO has installed machinery to hack the communications from a number of PCs installed in the public areas of the EPO’s premises. Please be also be aware that data protection in the EPO appears to be woefully inadequate (Annex 1).
4. The EPO has drastically weakened the position of vulnerable staff, in particular sick staff. Such staff members are put under increased pressure bordering on systematic harassment. Their freedom of movement as European citizens is severely curtailed. Measures to safeguard medical confidentiality have been weakened. The EPO has gone as far as abolishing the notion of occupational diseases and accidents.
5. Independent sources have found that there is currently no effective mechanism in place to resolve legal disputes. The dispute resolution system is dysfunctional and burdened by huge backlog that de facto leads to such delays as to deny justice for staff. The Administrative Council of the EPO, at the behest of the President and without any democratic control from the Member States, enacts rules and decisions that are not subject to any independent legal or political check other than financial considerations.
____________
2 http://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2014:420
Translation in English: http://www.suepo.org/public/su15088cpe.pdf
[...]
EPO data protection is not in line with EU institutions
1.The President of the EPO recently (with effect from 1 April 2014) adopted new guidelines for data protection at the EPO. He did so without informing, let alone consulting the national delegations of the Administrative Council, the body supervising the EPO. The new guidelines have drastically enlarged the scope of the data protection guidelines previously in force: the new guidelines now also concern external users of the EPO, e.g. patent applicants. It is questionable whether European Patent Convention gives the President of the EPO such a competence, cf. Articles 10(2)c) and 33 of European Patent Convention.
2.The new data protection guidelines are not in line with general regulations on data protection applicable to EU institutions and EU public on the territory of the EU (cf. Regulation EC 45/2001 & Directive 95/46/EC). They do not provide the necessary safeguards for the persons or entities affected both inside the EPO, e.g. staff or contractors, and outside, e.g. patent applicants or companies. They do not provide the required independence and authority of the data protection Officer. They miss a function equivalent to the Data Protection Supervisor that exists in all EU institutions. The way the data protection guidelines are currently implemented at the EPO would not be considered as adequate in any EU institution.
3.The reference to fundamental rights, present in both the Directive 95/46/EC and in Regulation (EC) 45/2001, and that was present in the previous EPO data protection guidelines has are been removed from the new EPO guidelines on data protection.
4.Whereas in the EU institutions, data can only be processed for purposes other than those for which they have been collected under very strict conditions, at the EPO, the President is able to decide on a change of purpose, without anybody being able to oppose it.
5.The new data protection guidelines have been drafted to remove any obstacle to the implementation of the controversial – and legally challenged – EPO investigation guidelines. For instance, the EPO guidelines give the EPO investigation Unit the right to operate without any control from the Data Protection Officer.
6.In view of the above, a check by the appropriate EU body seems appropriate before entrusting the EPO with the granting of the Unitary Patent.
[18 more pages in the original PDF, includes news clippings]
SUEPO writes in reference to this article which we covered last week: “The Süddeutsche Zeitung reports that Thomas Petri, the Bavarian Data Protection Commissioner wants to have an external data protection supervisor deployed at the European Patent Office. It has become a matter of public knowledge that publicly accessible computers at the EPO were placed under observation using surveillance technology after the receipt of letters containing [allegedly] defamatory remarks against the Management.
“Data Protection Commissioner Petri previously investigated the data protection arrangements at the EPO in the Spring of 2014 following a complaint and he came to the conclusion that they were deficient. “It emerged that nobody was really in charge”, told Petri.”
Privacy violations are only few among many bigger violations. Members of the French Parliament slam the EPO, perhaps owing to media coverage that keeps them abreast. “The Huffington Post,” wrote SUEPO about this article, “a website partly owned by Le Monde, published a tribune signed by Members of the French Parliament, the French Senate and the European Parliament.
“The signatories regret that the success story of the European Patent Office is “now endangered since 2012 by authoritarian social policies which do not respect the fundamental rights of staff”.”
If any of our French-speaking readers can provide a translation, that would help a lot.
Articles about the EPO’s abuses (at management level) would discourage potential staff and harm recruitment of talent. Who would want to work for an institution that ignores EU law, defies court orders, uses keyloggers against staff, and has the reputation which increasingly mirrors FIFA’s?
The EPO quickly became synonymous with a corrupt “ogre”, much like FIFA. As IP Kat put it yesterday,: “If you thought that the European Patent Office (EPO) was the only international intellectual property administration that was coming under the scrutiny of an increasingly critical world for behaviour that ill befits its status, think again: the African Intellectual Property Organization — better known by its French acronym OAPI — seems to be suffering from the same malaise.”
So EPO has become a yardstick for abuse. There’s clearly an urgent need for a reset. The problem is not the examiners but those at the top who rally them to expand scope and pursue quantity, not quality, while squashing their ability to antagonise. █
Permalink
Send this to a friend
06.15.15
Posted in Europe, Patents at 11:25 am by Dr. Roy Schestowitz
Summary: Another important article from an important media outlet, talking about the European Patent Office’s privacy violations
THIS newly-added PDF has the original in German and an English translation. We remarked on this article a few days ago, right after it had been published. Here it is in English:
10th June 2015
European Patent Office
Call for external oversight of data protection
Thomas Petri, 45, supervised the processing of sensitive data in Schleswig-Holstein and in Berlin before taking up his position as Data Protection Commissioner in Bavaria. (Foto: picture alliance / dpa)
- Thomas Petri, the Bavarian Data Protection Commissioner wants to have an external data protection supervisor deployed at the European Patent Office.
- It has become a matter of public knowledge that publicly accessible computers at the EPO were placed under observation using surveillance technology after the receipt of letters containing [allegedly] defamatory remarks against the Management.
The Bavarian Data Protection Commissioner Thomas Petri has called for an external data protection supervisor for the European Patent Office (EPO). On Tuesday the SZ reported that surveillance technology capable of intercepting keystrokes and generating screen-shots had been installed on publicly accessible computers over a period of several weeks. The internal investigation unit at EPO headquarters in Erhardtstrasse was using these techniques in an attempt to track down the writer(s) of [allegedly] defamatory letters.
Data Protection Commissioner Petri previously investigated the data protection arrangements at the EPO in the Spring of 2014 following a complaint and he came to the conclusion that they were deficient. “It emerged that nobody was really in charge”, Petri told the SZ. The internal supervisors were not sufficiently independent. As a result, Petri contacted the Federal Data Protection Commissioner last year and the latter wants to take corrective action via the Council of the European Union.
However, the data protection authorities are confronted with a problem: the European Patent Office is a supra-national organisation which is “a law unto itself”. The foundation of its legal order is the European Patent Convention. “The contracting states must take measures to supplement the European Patent Convention as a matter of urgency”, says Petri who believes that his previous reservations have now been confirmed by the latest revelations. He does not consider that external oversight [in relation to data protection] would impair the EPO’s ability to perform its normal functional tasks. “In the absence of such oversight, as experience shows, matters are liable get out of hand.”
URL: http://www.sueddeutsche.de/muenchen/europaeisches-patentamt-forderung-nach-externem-
datenschuetzer-1.2513289
Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH
We expect a lot more media coverage to come. █
Permalink
Send this to a friend
06.14.15
Posted in Europe, Patents at 6:48 pm by Dr. Roy Schestowitz
An institution full of abuse at many levels and multiple departments
Summary: The blackhat methods of the EPO (e.g. keyloggers) were approved internally by the so-called data protection officer of the EPO, according to new leaks
THE EPO spying scandal is merely the latest among many scandals (we were among the first to report these). It’s the result of the EPO’s desperate attempts to muzzle critics. According to newly-leaked documents from Germany, “the so-called data protection officer of the EPO signed off on keylogging, hidden cameras” (blatant violations of European privacy laws), which means that he is very much like Microsoft's so-called (bogus) privacy chiefs, not the ones Microsoft fired for actually trying to ensure privacy (i.e. doing their job).
“On Friday,” says the bearer of the leaked document, “the data protection officer of the state of Bavaria (whose capital is Munich, where the EPO is headquartered) was quoted by a newspaper (English translation here) with the suggestion “that an external data protection supervisor be assigned to the EPO because the internal inspectors are not independent enough and in the absence of any action matters are likely to get out of hand.” It has become known that the EPO used keyloggers and hidden cameras in its internal investigations of what may actually just have been the exercise of one or more people’s freedom of speech with respect to the EPO’s Jack Warner, vice president Željko Topić. After Mr. Topić lost a court ruling in his country of origin (Croatia), can be accused of pretty bad stuff. The Bavarian data privacy commissioner was spot-on: while the EPO does have a “data protection officer,” that person is just a dictator’s minion with no say over anything important.”
“It’s the result of the EPO’s desperate attempts to muzzle critics.”For an institution that goes as far as keyloggers, with approval from high-level officials, it may not seem radical to hire Control Risks, mercenaries of the British government (with special spy connections). “Control Risks” is of course a very nice euphemism, which one of our readers initially described as the “private security company hired by EPO” (that was before much was known about it).
Control Risks is of course unlikely to find out much of use by reading this site. What they are after must be identities of sources and at no point will they succeed, unless they think that the reporters and sources are very dumb (the same poor assumption police often makes about felons). We know that they even spy on our IRC channels, which is rather pathetic use of their time (and European taxpayers’ money). As counter-intuitive as it may first seem, the transparency of the channels is what makes them useless for blackmail or exploitation by spies. In other words, knowing that everything there is visible (not just to moles/intruders and leakers) discourages bad behaviour or self-incriminating communication therein. There are no secrets there and people in the channels don’t have an illusion of privacy. Now, compare that to what Wikileaks had done before an FBI mole from Iceland leaked the logs. We advise Control Risks to step back and we wish to tell EPO (in the Netherlands) that we are seeing (and banning) its IP addresses that have been hammering on this site. We know what you are up to.
In order to secure future reference of the leaked material we are adding it below as JPEG (just large enough to be legible). It is possible that the Sepp Blatter equivalent at the EPO is actually Željko Topić, not King Battistelli. What the EPO needs is a sacrificial lamb, not more coverup. The longer it goes on for, the more embarrassing it will become. Keyloggers and hidden cameras should be installed on (or pointed at) Topić’s PC, not everyone who works at the EPO. █
Permalink
Send this to a friend
Posted in Microsoft, Windows at 6:07 pm by Dr. Roy Schestowitz
Summary: A look at lesser-explored aspects of the so-called OPN hack [sic], especially the systems involved
IN AN EFFORT to understand what repeatedly happened in the undoubtedly significant Office of Personnel Management (OPM) data breach/es [2-8], leaving aside the lack of concrete evidence of Chinese role [1], we tried to understand which platform was to blame. In the case of Sony it was reportedly a Microsoft Windows machine acting as the culprit or attack vector, just like Stuxnet in Iran with similar attempts against North Korea (there are still more articles about it).
“Hundreds of millions of credit card numbers got snatched from Windows.”NSA leaks were due to Microsoft SharePoint (Snowden gained access to the so-called ‘crown jewels’). As we last noted in an article about words from Kaspersky (still in headlines for it [9-12]), Windows is inherently not secure. Commercial targets of data breached that we wrote about before serve to show this. We gave readers a lot of examples over the years. Hundreds of millions of credit card numbers got snatched from Windows. the cost was enormous, but the role of Windows wasn’t ever emphasised in the corporate press.
Rebecca Abrahams published an article co-authored by Dr. Stephen Bryen, Founder & CTO of FortressFone Technologies. Unlike many other articles which point a finger at China (with little to actually back this accusation with), Abrahams does call out Windows and sheds light on what OPM uses:
Second, the government is very slow to improve security on its computers and networks. Many of the computers the government is using are antique. For example OPM still has 12-year old Windows XT as an operating system for its computers. Microsoft no longer supports XT and any vulnerability that develops is the problem of the user, not of the supplier. But even if the old stuff was upgraded it won’t help much because the systems are really clumsy amalgams of disparate parts which as a “system,” have never been properly vetted for security.
So there we go. Windows. We’re hardly surprised to say the least. The author probably means NT or XP (14 years old, not 12, unlike Server 2003), but does it matter much? Any version of Windows, no matter how old, is not secure. It’s not even designed to be secure. █
Related/contextual items from the news:
-
Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.
-
Last week, the human resources arm of the US government, the Office of Personnel Management (OPM) admitted that it had been victim of a massive data breach, where hackers stole personal data belonging to as many as 4 million government workers.
-
We already described how the recent hack into the US federal government’s Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.
-
China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.
In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).
-
And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.
-
A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It’s possible at least 14 million Americans have chapter and verse on their lives leaked, we’re told.
The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.
Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.
-
-
Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA’s surveillance powers, had promised to insert the dangerous “cybersecurity” bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in “cybersecurity” clothing, the recent Snowden revelations that the NSA is using Section 702 “upstream” collection for “cybersecurity” issues revealed how CISA would massively expand the NSA’s ability to warrantlessly wiretap Americans’ communications.
-
-
-
Moscow-based antivirus firm Kaspersky Lab, famous for uncovering state-sponsored cyberattacks, today dropped its biggest bombshell yet: Its own computer networks were hit by state-sponsored hackers, probably working for Israeli intelligence or the U.S. National Security Agency. The same malware also attacked hotels that hosted ongoing top-level negotiations to curb Iran’s nuclear program.
-
When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.’”
Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.
Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.
Permalink
Send this to a friend
Posted in Deception, Free/Libre Software, Microsoft at 5:28 pm by Dr. Roy Schestowitz
Treating ‘Open Source’ like a trash can or a wastebasket
Summary: Microsoft is hoping to achieve/get some positive karma (the openwashing effect) by putting a Windows tool that has essentially been abandoned (or made obsolete) in the ‘Open Source’ domain
Using “Abandoned Software” (AS) to label Microsoft “Open Source” (OS) isn’t a novel concept. It has been done by Microsoft before, even if the “OS” part too was altogether bogus (look but do not touch).
Microsoft appears to be pulling that card again, labelling Windows Live Writer (yes, remember “Live”? And it’s a Windows-only tool!) “Open Source”. As one site put it: “It is not updated regularly; the last update we ever saw for the device was back in 2012. Microsoft has not updated it since. Although there are users you [sic] are loyal and used the app religiously. Last month the live posts to Google’s Blogger platform stopped and it was then that it became vocal.”
Here is how IDG put it:
Microsoft will breathe life into Windows Live Writer by open sourcing the eight-year-old blog-publishing tool, a company manager said earlier this week.
What next? Making “KIN” and/or “Zune” something open-ish? If that’s the best Microsoft can do, then it is clearly too stubborn to ever leave the proprietary addiction. More openwashing of Microsoft this month is part of a familiar PR recipe… █
Permalink
Send this to a friend
Posted in GNU/Linux, Microsoft at 5:02 pm by Dr. Roy Schestowitz
Summary: The story of Nokia’s Moonraker, the baby which got knifed before birth, reportedly because of Microsoft’s pressure
WHEN Nokia was killed by Microsoft it wasn’t a slow death. A lot of Nokia’s products got killed almost immediately, especially anything which involved Linux. Yes, because “Microsoft loves Linux,” according to Microsoft’s CEO. Whenever Nokia tried new initiatives involving Linux at their core (there were several such initiatives) these quickly got shot at the back of the neck. Some staff left or was pushed out (see Jolla for example), leaving in Nokia only those loyal enough to Microsoft. According to a couple of new reports, one of which from a Microsoft booster and another from a Microsoft-sympathetic site, Microsoft killed a non-Windows smartwatch from Nokia. To quote the Microsoft booster:
The Verge reports that, according to its sources, Microsoft killed off the Moonraker watch when it bought Nokia, as Band had more sensors. While Moonraker could do things such as turn on the screen when you raise your arm and turn it off when you lower it, this apparently didn’t compare with the breadth of sensors found in the Band.
[...]
While Google and Apple smartwatches both run operating systems that are closely related to their phone platforms, Band is believed to run software that’s substantially lighter weight. While this allows Band to be smaller than full smartwatches, it also limits its utility as an app platform. Similar to the Apple Watch’s WatchKit (but unlike the forthcoming native SDK), Band apps run on the paired phone, using the Band itself only as a display device.
Nokia could have beat the rest of the market to it, but since Windows is laughably bloated and unsuitable for any watch-sized device, Microsoft could just not let it be. █
“A lot of people make that analogy that competing with Bill Gates is like playing hardball. I’d say it’s more like a knife fight.”
–Gary Clow, famous Microsoft victim
Permalink
Send this to a friend