05.02.21

Microsoft-Centric “Ransomware Task Force”

Posted in Deception, Microsoft, Security at 3:37 am by Guest Editorial Team

Original by Mitchel Lewis, republished with permission

[Image: Microsoft ransom]
Source: https://www.statista.com/statistics/701020/major-operating-systems-targeted-by-ransomware/

Summary: Mitchel Lewis, a former Microsoft employee, takes a look at Microsoft-connected or Microsoft-controlled ‘think tanks’ in ‘task force’ clothing

Although most platforms have had their flare-ups with ransomware, it’s well-known that Microsoft’s legacy architecture has a hyper-monopoly with respect to ransomware infections that consequently renders all other platforms into negligible outliers in comparison. In fact, there’s nothing in this world that Microsoft monopolizes better than ransomware attacks at the moment.

Depending on who you ask, anywhere from 85–99% of ransomware attacks occur on Microsoft architecture, often via well-known vulnerabilities. Because of this common denominator, most people working within the ransomware space daily would find it supremely difficult to gloss over the vulnerability of Microsoft’s architecture as a key component in the rising prominence of ransomware, and this is especially true if they were asked to write an 80-page report on the matter.

[Image: Taskforce ransom]
A “venerable” who’s who of the ransomware field.

Recently though, a team of more than 60 lawyers and supposed experts that no one has ever heard of before from software companies, cybersecurity vendors, government agencies, non-profits, and academic institutions came together with the Institute for Security and Technology, an institute that no one has ever heard of before, and achieved the irrational by developing a “comprehensive framework” attempting to tackle the modern threat of ransomware. To no surprise and in true Dunning-Kruger fashion whenever expertise is proclaimed, these experts managed to accomplish the unconscionable by overlooking Microsoft’s blatant complicity in the ransomware space and the fundamental importance of modern infrastructure in the face of IT security and prevention of ransomware in an 81-page report.

[Image: ZDNet ransom]
This wasn’t even a revelation in December for anyone with half of an ass in the field of assessing root cause.

To be fair, the task farce rightfully highlighted the rise of cryptocurrency as a motivational force behind ransomware attacks and further dubbed ransomware a threat against our national security, but this is nothing new; even my stupid ass has been talking about this for 6 months now. Many of their suggestions are relevant too and might help to some degree, but they’re reactionary and ancillary at best in comparison to an architectural shift away from Microsoft solutions, the single best preventative measure that a company can take to defend itself against the various attacks plaguing industry throughout the world, ransomware or otherwise. Hell, their whole article only mentioned prevention 3 times.

[Image: Safety Detectives]
Source: https://www.safetydetectives.com/blog/ransomware-statistics/

With the exception of Hafnium, most attacks are rudimentary at best and exploit well-known vulnerabilities throughout the Microsoft ecosystem and the ignorant companies refusing to mitigate these vulnerabilities in favor of convenience. More often than not, ransomware infections are a direct consequence of phishing campaigns, poor password complexity, poor lockout policies that embolden brute force attacks, poorly trained users, no MFA, no VPN, and admins ignorantly exposing RDP to the WAN, etc. All of which are fundamental no-no’s in the world of IT security that are amazingly easy to prevent and almost all of which are targeted exclusively at Microsoft cloud and server solutions hosted on-premise by their clientele. And a task force of supposed experts would have acknowledged this if they were actually experts in ransomware or IT security.

Given all of this, it seems as if Microsoft is just as much of a threat to our national security as ransomware itself; you can’t have one without the other. Although many of these attacks are preventable and much can be done to supplement Microsoft architecture to harden against said attacks, it’s becoming increasingly evident that it’s impossible for most teams to account for Microsoft’s entire threat surface, ransomware or otherwise, and that it’s simply too complex, costly, and cumbersome for most IT staff to manage. As such, migrating away from the Microsoft ecosystem entirely is the single most viable way to reduce your threat surface against ransomware and pretty much every other form of attack; the drastic reductions in IT ownership costs and improved employee morale are nice too, I hear.

This is not easy though. On top of being notorious for ransomware, Microsoft is notorious for optimizing their solutions for lock-in, addiction if you will, which makes them incredibly difficult and costly to migrate away from. The benefits are immediate to those with the grit to migrate though.

But instead of highlighting any of this, the task farce appears to be operating under the false pretense that ransomware is somehow a platform-agnostic affair and that architecture is irrelevant, while further ignoring the important role that architecture plays in preventing ransomware and neglecting to showcase Microsoft as the common denominator that it is; bungling it massively, if you will. This is so much the case that they only mentioned the word architecture once in their entire report. If anything, they appear to be adopting Microsoft’s “assume breach” approach, which is just their way of shifting blame to the people who support and manage their unsupportable and unmanageable solutions. All of which forces me to question the degree of their expertise and their intentions.

As harsh as this may seem at first, questioning their expertise is fair when the report has no focus on preventative measures and is devoid of even the most obvious architectural recommendations: no acknowledgment that most ransomware attacks are preventable, no acknowledgment that not all architectures are equal, and no acknowledgment that attacks often occur when fundamentals are abandoned or forbidden. More often than not, there’s an IT nerd saying “I told you so” to their change-averse management post-mortem, with emails to back it up, and this just isn’t something that experts can simply ignore when trying to prevent ransomware.

[Image: Katie Nickels with context]
Recommendations given, no response as expected.

[Image: Katie Nickels]

To say the least, the IST report would look markedly different if boots on the ground had at least been consulted beforehand, which is why I began to question it so flagrantly as someone who has dealt with ransomware and its prevention for half a decade now. In an effort to clarify their expertise, I reached out to Katie Nickels, one of the task farce members, and she didn’t argue or lambast me with credentials proving otherwise; she merely asked for my recommendations, a low-key admission that my concern about their expertise has merit, if you’re into that whole social engineering thing.

Unsurprisingly and rather than supplying ransomware experts that could provide action items for people that actually work against ransomware on a daily basis which Microsoft has an abundance of, Microsoft instead supplied their digital diplomacy team comprised of Kemba Walden, Ginny Badanes, Kaja Ciglic, and Ping Look, which is curious because none of these people get wake-up calls when ransomware is dominating the infrastructure of their clientele. So far as I can tell, none of them seem to have even gone on the record about ransomware prior to this task farce being formed and it’s hard to see their role in the task farce and the absence of Microsoft’s complicity in their report as a coincidence.

[Image: Katie Nickels' reply]

When combining these oversights, the dominant presence of Microsoft spin artists within their task farce, and the high likelihood of a sizable donation from Microsoft to the Institute for Security and Technology, none of this should come as a shock to you. As shown by the fraud surrounding dolphin-safe labeling/oversight, we live in a world where industry has a penchant for hijacking its own watchdogs with massive donations and further installing people throughout their ranks who are sympathetic to the plight of starving investors; all of which Microsoft has been accused of before, and which appears to be the case with the #ransomwaretaskforce. Roy Schestowitz refers to this approach as entryism, and it may be time to pay more attention to these nefarious approaches in the tech space.

In summary, trying to cull ransomware via decree alone is only viable in comparison to throwing virgins into a volcano. Given Microsoft’s monopoly on ransomware attacks, the single best thing that any organization can do to prevent ransomware from ravaging its IT infrastructure is to migrate far, far away from Microsoft architecture entirely. Once that is accomplished, companies can implement multi-factor authentication, complex password requirements with password managers, and spare no expense on user training to further reduce their exposure to ransomware and other attacks that leverage these very same threat vectors. And companies can do this while reducing their ownership costs by a factor of 3, conservatively, as showcased by IBM when they standardized on the Apple ecosystem; those less efficient at managing PCs at scale than IBM stand to see greater reductions.

You’re welcome to disagree and stay on Microsoft architecture, or to believe that approaching ransomware via bureaucracy-laden decrees is viable. It’s your funeral. But if you find yourself in this precarious position of deferring to lawyers and people who have never been on the hook to remove ransomware before, it may be a sign that you should do more reading and less talking about the matter instead.

04.28.21

Testimonies, Letters, Writings, and More About Richard Stallman

Posted in Deception, Free/Libre Software, FSF, FUD at 11:02 pm by Guest Editorial Team

Published on April 27, 2021. Reproduced with permission.

As we keep working on this website, we are getting feedback from readers who send us their own writings and testimonies, or point us to writings by other people. We are grateful to all of them for their contributions. We can’t publish all of the materials, but here are some.

Professional Interaction with Richard Stallman

by Andy Farnell – March 2021

Attackers of Prof. Richard Stallman, founder of the Free Software Foundation and GNU project, accuse him of “unprofessionalism.” My experience has been different. I recently had reason to speak with Richard Stallman while researching a new book, as I needed to interview an authority on the subject of “Software Freedom.” Of course, this is my personal experience over a short time. Some people say that he is difficult to get along with, but here’s why I feel any labelling of Stallman as “unprofessional” is undeserved.

As I hit send on an email to Richard Stallman, a person famed for “being weird,” I sighed with resignation at the fact it would likely go unanswered. Five seconds later a reply appeared. Obviously it was an automated response, including some boilerplate addressed to any NSA agents enjoying our conversation. Weird, yes! Check one! But in good humour. Were I an NSA worker it would cause no offence and make me smile. His email was polite, concise, informative and sensible. It explained Richard’s workflow for processing mail and when I might expect a reply.

Now, some might say that a “professional” would delegate their public interface. Having dealt with many prominent people I know it sometimes takes weeks and many attempts just to get through to an agent or handler, let alone win a personal audience. Often when trying to interview other writers or public figures one encounters a fortress of aloof discouragement—just go away, I am way too busy for you. Those who have a great deal to say, often take such pains to hide themselves and make sure nobody gets to speak back. As I see it, Stallman shares with the legendary Noam Chomsky, in being approachable by anyone, whether a professional reporter, student, blogger, or critic.

So, within a few days I received a thoughtful and detailed reply from Richard himself, who suggested we talk, and some choices of technology for a meeting. We found a mutually agreeable solution, being Jit.si, over which Richard devoted hours to helping me with my questions. I had expected a great fuss about encryption, and to find myself awake past midnight recompiling a kernel or fighting with encryption keys in order to talk to Stallman who would be nit-picky, weird and patronising about my weak security practices. That didn’t happen. It’s a character strength of Stallman I have heard others praise, that while ideologically rigid, he is absolutely pragmatic.

Before we were scheduled to talk, Stallman took the initiative to reach out and remind me we had a meeting, pre-emptively suggesting we test the link, and that I should record the meeting on my side as a reference, thus saving me the awkwardness of asking permission. Professional? Certainly well organised and mindful of the needs of others.

Then came the actual meeting. I get to talk to a lot of smart people, but rarely do they engage like Richard Stallman. He listens. Being into communication theory I pay attention to styles of interaction. In several hours of online connection Richard Stallman never once spoke over me, showing extraordinarily adept use of timing and tone for voice communication with latency while clearly thinking about each question. He ended each session by asking if I needed a follow up session and whether the recording had been successful.

At this point, Richard had no idea who I “really was.” He remarked that he was helping a student publish an article on software freedom in higher education—but he had no time to devote to editing the student’s prose. I took this as a subtle invitation to quid pro quo, and so I offered to edit the article. That led to a long, productive and very interesting interaction that inspired an article for the Times Higher Education.

My experience of Stallman seemed the very model of consummate professionalism—exemplary use of technology and language, far, far better manners than I expect from many corporate encounters. Contrary to commentators who paint him as socially clumsy, I found his rather charming way of advancing agendas and connecting people for mutual benefit quite skilful.

The word “unprofessional” has been co-opted as an accusation in modern witch-hunts. It is very hurtful to call another person unprofessional, partly because the concept is so poorly defined, and gets conflated with “bad character.” Often the accusation is levelled at someone who is indeed acting at the absolute height of professionalism, following the true spirit of their profession, but standing against the status quo. Whistle-blowers or those advocating for organisational change toward better ethics come to mind as obvious victims. We must stop abusing the word “unprofessional” as a vague smear against anyone whose opinions we dislike.

A Letter to the FSF

Date: Apr 6, 2021, 14:12
From: [Email address redacted]
To: info@fsf.org
Subject: In support of RMS

Dear FSF,

I support Richard’s return to the FSF, and hope that he will continue providing momentum to the Free Software Movement in all ways possible, especially through the FSF and GNU.

I am a doctoral student of condensed matter physics at Savitribai Phule Pune University, Pune, India, and a regular user of free software for almost a decade now. I would like to express my gratitude to Richard’s initiative for software freedom, which has directly and indirectly enabled my research in more ways than one.

Pradeep Thakur
Pune, India.

04.26.21

Alexandre Oliva: Against Software Tyranny

Posted in Free/Libre Software, GNU/Linux at 7:05 am by Guest Editorial Team

This work is licensed under the Creative Commons License BY-SA (Attribution ShareAlike) 3.0 Unported.


Imposing substantial constraints on users' running, modifying or sharing software subjugates users and exerts control over their digital lives through unjust, tyrannical powers. Software freedom amounts to not being subjugated nor coerced by software tyrants.

The Free Software movement fights for the abolition of software tyranny. We denounce and combat threats to users' autonomy, and software tyrants' attempts to wield power over users.

Open Source Software was introduced as a marketing campaign for Free Software. However, by focusing on the practical and economic advantages to be derived from collaborative development, it ended up campaigning to enlighten despots, rather than to overthrow software tyrants. The campaign encourages software tyrants to voluntarily give up, when it suits them, some of their tyrannical powers over software, and thus over users. This marketing campaign misses the point. Though enlightened, former tyrants remain despots. Users don't deserve freedom only when that's advantageous to despotic rulers.

https://www.gnu.org/philosophy/open-source-misses-the-point.html


Trade secrets and copyrights were the earliest powers that software tyrants relied on to control users. Denying software users the rights to modify, distribute and copy the software they use to do their computing renders them subjugated, divided and helpless. Granting copyright licenses that allow these uses, and arranging for users to have access to source code enable a software despot to qualify as a software supplier that respects users' freedoms.

Copyright licenses are unilateral grants of permissions for behaviors that copyright law reserves to the copyright holder. To qualify as Free Software licenses, they have to allow recipients, individually and collectively, (a) to study the source code, to see what the software does, (b) to adapt it so that it does what users wish, (c) to copy and distribute it, with or without modifications, and (d) to run it for any purpose. To qualify as an Open Source License, the criteria are stated differently, but they are intended to be equivalent, so OSS licenses are also FS licenses, and vice-versa, with no more than a few accidental exceptions.

All FS/OSS licenses, from public domain emulation to the strongest copyleft, have the following in common: they enable users to do whatever they wish with and to the software, and to have as full control as they wish over their own copies thereof. FS/OSS licenses cannot vary in this regard: respect for the essential freedoms is a strict requirement.

"Freedom is being able to make decisions that affect mainly you; power is being able to make decisions that affect others more than you."
https://www.gnu.org/philosophy/freedom-or-power.html

They may differ, however, in what they allow recipients to do to each other, that is, in what powers (over others) they transfer to recipients. While FS/OSS lax permissive licenses transfer to recipients powers that enable them to become software tyrants over other users, copyleft (see below) defends users from potential software tyrants, by not transferring any such powers to any recipients.

Choosing the copyright license that will govern uses of a program is power, not freedom, because it affects mainly others. It amounts to wielding the power of copyright. Denying users' essential freedoms through this power is software tyranny. For FSers, such a use would be anathema; for OSSers, it's a poor choice that an unenlightened despot might make.


Copyleft is a licensing practice that, besides respecting the essential freedoms, also defends them for all users of a program, by refusing to transfer to intermediaries any power over other users. To that end, permissions are granted in narrow ways, so that the software can only be passed on along with the essential freedoms, and without power to subjugate others.

https://www.gnu.org/philosophy/pragmatic.html

FS proponents most often prefer stronger copyleft licenses, because they (both proponents and licenses) avoid empowering software tyrants. OSS proponents, however, are far more diverse in their preferences, reflecting their deference to despots' divine right, best intentions, and diverse motivations and strategies. Software tyrants, in turn, entice OSS developers and attempt to strongarm FS ones into adopting non-copyleft licensing practices that thereby enable software tyrants to wield absolute power over users.

https://lukesmith.xyz/articles/cucklicenses

https://www.gnu.org/licenses/why-not-lgpl.html


Despite our differences, FS and OSS proponents can often collaborate in developing software, especially when it is licensed under strong copyleft licenses. Conflicts are to be expected, however, when the software hits situations that place abolitionists of software tyranny and proponents of enlightened despotism at opposite sides. Disputes may involve stances on issues ranging from proprietary blobs (firmware, web scripts) and DRM implementations to surveillance, advertising, SaaSS and network dis-services.

https://rosenzweig.io/blog/software-freedom-isnt-about-licenses-its-about-power.html

https://www.gnu.org/philosophy/who-does-that-server-really-serve.html

https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

OSSers won't generally support FSers in overthrowing software tyrants and abolishing their absolute power, nor would they join us in promoting those goals. OSSers who feel aligned with these goals are advised to look into why they don't think of themselves as FSers; we welcome them in our struggles for freedom. True OSSers will only share part of the walk with us, and that help is also welcome, in as much as it empowers users without empowering software tyrants. Cooperation between OSSers and FSers is frequent in FS/OSS development projects, and conflicts can be avoided by acknowledging the significant differences in ultimate goals, and agreeing early on to take an unequivocal joint stand for software freedom for users, and against its opposite: software tyranny.


Thanks to Mylene for asking the question that sparked this article.

Copyright 2021 Alexandre Oliva

Permission is granted to make and distribute verbatim copies of this entire document worldwide without royalty, provided the copyright notice, the document’s official URL, and this permission notice are preserved.

04.24.21

Comment on the Open Letter to Remove RMS, Based on the GNU Kind Communications Guidelines

Posted in Free/Libre Software at 12:02 am by Guest Editorial Team

Reprinted with permission from Elias Rudberg, original in this Web site

About the Author

This text is not supposed to be about me, but let me start with a few words about my own background. I have been programming one way or another for most of my life. The work on my PhD thesis involved a lot of programming related to the Ergo quantum chemistry program, and later I worked on scientific computing research involving the Chunks and Tasks programming model. Over the years I have become more and more fascinated by the concept of free/libre software and I would really enjoy contributing more to such projects. I support organizations like the Free Software Foundation (FSF) and Software Freedom Conservancy. Recently I made some small contributions to Phosh and the Linux kernel, something I was very proud of.

Why I am writing this

Recently, an open letter was published with the title “An open letter to remove Richard M. Stallman from all leadership positions”. Many people have signed the letter; at the time of writing, 61 organizations have signed, and there are 3009 individual signatures.

The open letter has triggered a debate within the free/libre software world, a debate that I find both interesting and important. However, as I read the letter and various responses to it, I imagine that many voices on both sides are coming from a place of anger and outrage. I think more thoughtful communication would be helpful in this situation.

Whatever one might think of RMS or the GNU project, I found the GNU Kind Communications Guidelines to be quite good, and so I was wondering what would be different if the debate were following those rules. Since the open letter sparked the debate and was signed by so many people, I find it interesting to look at the letter itself from the perspective of those guidelines.

Part 1: avoiding personal attacks

Quote from the GNU Kind Communications Guidelines:

“Please do not take a harsh tone towards other participants, and especially don’t make personal attacks against them. Go out of your way to show that you are criticizing a statement, not a person.”

I think under normal circumstances we all see the wisdom in the above, in general. However, there are parts of the open letter that could be interpreted as personal attacks, depending on the mindset of the reader. One such part of the letter is the following sentence: “He has shown himself to be misogynist, ableist, and transphobic, among other serious accusations of impropriety.”

There is a risk that the phrasing in that part of the open letter can be interpreted as assigning those labels (misogynist, ableist, transphobic) to the person, as part of his identity, rather than criticizing specific statements or actions.

The advice in the communications guidelines to “go out of your way to show that you are criticizing a statement, not a person”, does not seem to have been followed here. Assuming that the statements in the open letter are based on statements and actions, it should be possible to reformulate that part of the letter to make it more clear that the letter is criticizing certain things RMS has said and done, and reduce the personal focus.

Part 2: avoiding exaggerations

Another relevant part of the GNU Kind Communications Guidelines reads as follows:

“Please respond to what people actually said, not to exaggerations of their views. Your criticism will not be constructive if it is aimed at a target other than their real views.”

Again, this is hardly something that would normally be under dispute, most people would agree that it is best to avoid exaggerations when formulating criticism. Looking at the open letter, there seems to be room for improvement in this regard.

One specific part of the open letter that risks being seen as an exaggeration is the phrase “his hurtful and dangerous ideology”. Even if you (who signed the letter) are convinced that RMS has a hurtful and dangerous ideology, it may be worth considering that readers of the letter may think this is an exaggeration.

The phrasing “misogynist, ableist, and transphobic” quoted earlier is another example of something that may appear as an exaggeration to readers of the letter.

Turning to the appendix of the open letter, linked to with the sentence “We have detailed several public incidents of RMS’s behavior”, that contains references that also risk being seen as unfair exaggerations or misinterpretations. To see a specific example of this, consider the reference number 2 in the appendix of the open letter, which points to a vice.com article. Because the headline of that vice.com article mischaracterizes the actual statements, I worry that this citation will increase the defensiveness of readers who are skeptical of the letter’s concerns. To read details about these issues, see for example: Cancel We The Web? and On Stallman.

As the quote from the communications guidelines above says, criticism will not be constructive if it is aimed at a target other than the real views of the people criticized. It would have been better to avoid exaggerations, and to avoid referencing something that is partly false, like the reference number 2 mentioned above. More impeccable citations would go a long way toward increasing the credibility of the letter.

Moving forward

Turning again to the GNU Kind Communications Guidelines, I think the following part can help us move forward in the current difficult situation:

“If other participants complain about the way you express your ideas, please make an effort to cater to them. You can find ways to express the same points while making others more comfortable. You are more likely to persuade others if you don’t arouse ire about secondary things.”

This applies here: in the recent debate some people have complained about the way you express your ideas in the open letter, and perhaps they have a point. As discussed above, there are some things about the open letter that could have been better.

Regardless of one’s position on any controversy, I believe that more careful constructive presentation of arguments will increase the chance of persuading readers.

Contact

Anyone who would like to ask questions or otherwise discuss this with me is welcome to contact me by e-mail: mail@eliasrudberg.se. I am particularly interested in hearing from those who signed the open letter — the critique above is directed at the letter you signed, and I would very much like to hear how you respond to it. Please do not hesitate to write to me.

Thanks

Thanks to Aaron Wolf for his review and editorial suggestions.

04.17.21

Breaking News: EDPS Admits That It is Powerless to Investigate Claims of GDPR Non-compliance at the EPO

Posted in Deception, Europe, Microsoft, Patents at 1:06 pm by Guest Editorial Team

Nothing says 'European data protection' like outsourcing communications to an American surveillance firm

Summary: Nobody is truly in charge at the EDPS (and in Europe at large); they say EPO is “company” and all one can do is kindly ask the EPO itself to obey the law and stop outsourcing European data to American military contractors

Back in March, Techrights started publishing its exposé about the EPO's sell-out of its digital sovereignty to Microsoft.

At around the same time this matter was brought to the attention of the European Data Protection Supervisor (EDPS).

The EDPS is an independent supervisory authority established by the European Union. Its primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

You might have thought that the EDPS would be interested to learn about the alleged GDPR non-compliance at an intergovernmental institution which processes large amounts of personal data relating to EU citizens. You might even have expected them to carry out some kind of independent investigation like the Bavarian Data Protection Commissioner did back in 2015.

But sadly it turns out to be another case of “Not My Department”.

In its response to the complaint filed about the EPO, the EDPS has now stated that it is powerless to investigate claims of GDPR non-compliance at the second largest European intergovernmental institution.

Instead it suggests to the complainants that they “could contact EPO directly [...] by sending an email to DPO@epo.org”.

The EDPS adds: “You can find this information in the company’s Privacy Policy, available here: EPO – Data protection & privacy.” (warning: epo.org link)

So as far as the EDPS is concerned, the EPO is a “company” rather than a public intergovernmental institution?

Surely this is beyond a joke…

If EU citizens have a problem with the EPO’s failure to comply with GDPR, the only available solution is to complain to the EPO?

And that is going to fix things?

Sounds like somebody in Brussels needs a reality check… URGENTLY!!!

Here’s the text of the letter:

Our ref.: ██████████████

From: European Data Protection Supervisor

To: █████████████████

Date: Friday, April 16, 2021

Dear ███████████████

We are writing in response to your complaint submitted to the European Data Protection Supervisor (EDPS) on 11 March 2021.

We would like to point out that the EDPS is the independent authority of the European Union (EU) that deals with the supervision of the processing of personal data done by EU institutions and bodies[1]. In this sense, our tasks are similar to the tasks of national data protection authorities in the EU Member States, but apply only at the level of the European Union and its institutions[2].

We have analysed the matter raised in your message, and it appears that your request does not relate to the processing of personal data by EU institutions or bodies.

The EDPS has no supervisory competence over other international organisations. In consequence, we regret to inform you that your complaint, regardless of its possible merits, falls outside the jurisdiction of the EDPS and we therefore do not have any authority to investigate it.

Please be informed that the seat agreements that the international organisations have with their host states usually grant them certain privileges and immunities. These often exclude the application of national law to the international organisation and therefore, the national data protection authority (DPA) of its host state may not be able to assist you either.

However, please be advised that you could contact EPO directly regarding your complaint by sending an email to DPO@epo.org. You can find this information in the company’s Privacy Policy, available here: EPO – Data protection & privacy.

Yours sincerely,


EDPS Secretariat

Tel. (+32) 228 31900 | Fax +32(0)22831950
Email edps@edps.europa.eu
European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
@EU_EDPS www.edps.europa.eu

This email (and any attachment) may contain information that is internal or confidential. Unauthorised access, use or other processing is not permitted. If you are not the intended recipient please inform the sender by reply and then delete all copies. Emails are not secure as they can be intercepted, amended, and infected with viruses. The EDPS therefore cannot guarantee the security of correspondence by email.

[1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 ‘… the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Union institution or body…’ (see Article 1(3)). According to Article 3(10), the ‘Union institutions and bodies’ are the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the TFEU or the Euratom Treaty (see http://europa.eu/about-eu/institutions-bodies/index_en.htm for a full list).

2 For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.


Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, please be informed that your personal data will be processed by the EDPS, where proportionate and necessary, for the purpose of investigating your complaint. The legal basis for this processing operation is Article 57(1)(e) of Regulation (EU) 2018/1725. The data processed will have been submitted by you, or from other sources during the inquiry of your complaint, and this may include sensitive data. Your data will only be transferred to other EU institutions and bodies or to third parties when it is necessary to ensure the appropriate investigation or follow up of your complaint. Your data will be stored by the EDPS in electronic and paper files for up to ten years (five years for prima facie inadmissible complaints) after the case closure, unless legal proceedings require us to keep them for a longer period. You have the right to access your personal data held by the EDPS and to obtain the rectification thereof, if necessary. Any such request should be addressed to the EDPS at edps@edps.europa.eu. Your data might be transferred to other EU institutions and bodies or to any third parties only where necessary to ensure the appropriate handling of your request. You may also contact the data protection officer of the EDPS (EDPS-DPO@edps.europa.eu), if you have any remarks or complaints regarding the way we process your personal data. You can find the full version of our data protection notice on complaint handling at: https://edps.europa.eu/data-protection/our-role-supervisor/complaints-handling-data-protection-notice_en.

___________________________
[1] According to Regulation (EU) 2018/1725 (see https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32018R1725 ‘… the European Data Protection Supervisor, shall monitor the application of the provisions of this Regulation to all processing operations carried out by a Community institution or body…’ (see Article 1(2)). According to paragraph 1 of the same article, the ‘Community institutions or bodies’ are the institutions and bodies set up by, or on the basis of, the Treaties establishing the European Communities (see http://europa.eu/about-
eu/institutions-bodies/index_en.htm for a full list).
[2] For example, like national data protection authorities we also provide advice to the legislator on new legislative proposals and on initiatives having an impact on data protection and privacy.

Notice the mistakes with the footnotes, the repetition, the odd formatting etc. A rushed job? Did they properly investigate the complaint at all? Or did they look for excuses to dismiss it upfront? Did they use a template that refers to the subject as “company” or do they seriously think EPO is now a for-profit corporation? And if so, are corporations above the law and above the state? Here’s the original [PDF] FWIW.

04.13.21

In Support of Richard Stallman Normalizing Truth, Reason, Dialogue: Introduction

Posted in Free/Libre Software, FSF, GNU/Linux at 1:54 am by Guest Editorial Team

Published on April 5, 2021.

Last updated April 9, 2021.

Reproduced with permission. Licence: Attribution-ShareAlike 4.0 Generic (CC BY-SA 4.0). Original Stallman Support.

False accusations were made against Richard Stallman in September 2019. Although others pointed out the mistakes, the stage had been set for a cascade of defamatory reactions that followed and spread like wildfire. This was fueled by misquotes and distortion of events in mainstream headlines, blogs, and social media, leading ultimately to Stallman’s resignation from his positions at MIT and the FSF.

A new wave of attacks was launched when the reinstatement of Richard Stallman in the FSF Board of Directors was announced on March 21, 2021.

Free software and free culture advocates around the world were outraged at the injustice. Members of the community at large felt hurt and looked for ways to voice their pain and repair the damage caused.

Some published accurate articles, objectively and meticulously showcasing the facts. Many others wrote short comments in blogs and news websites pointing out the errors that were being swiftly propagated by copy-paste “authors.” Still others sent letters of concern to the FSF.

A petition[1] was launched to condemn bad press and demand apologies to Stallman from journalists who knowingly or incompetently spread false information. It was to no avail. Journalists never corrected their erroneous headlines, let alone apologized. The petition is now stale (and it requires JavaScript). Better to sign the letter of support.

We have become sadly familiar with the terms “misinformation and disinformation” and the need to critically examine the agendas and mindsets motivating these campaigns as well as check the facts behind their assertions. To our collective social woe, disinformation succeeds because so many people care deeply about injustice but do not take the time to study the facts before passing along or acting on disinformation.

Because many of those who attack Stallman —or even supporters who speak up for him— may only have a partial notion of who he is and all that he has contributed towards a more fair and just society, we start our story there. Who is Richard Stallman?


References and Notes

  1. https://www.change.org/p/journalists-to-stop-the-persecution-of-stallman-and-apologize-publicly

Lunduke: Stallman & The FSF Respond To The Mob!

Posted in Free/Libre Software, FSF, GNU/Linux at 1:44 am by Guest Editorial Team

Summary: A video response in support of RMS

04.10.21

Breaking News: Campinos to Appear Before the Legal Affairs Committee of the European Parliament on Monday 12 April

Posted in Europe, Patents at 5:57 pm by Guest Editorial Team

From the original document: [PDF]

JURI EPO

Summary: “Some MEPs have been briefed about ongoing governance deficits at the EPO, in particular the lack of GDPR compliance and the sell-out of "digital sovereignty" to Microsoft, but it remains to be seen whether or not they will dare to bring these issues up during the hearing.”

THE EPO President António Campinos is scheduled to appear before the Legal Affairs Committee of the European Parliament (known as the JURI Committee) on Monday 12 April.

The part of the session dealing with the EPO is scheduled to take place some time after 15:15 Central European Time (14:15 UK Time) and should be streamed live on the website of the European Parliament.

According to the draft agenda, the purpose of the hearing is an “Exchange of views with European Patent Office (EPO)”. However, it is not clear what exactly this “exchange of views” is supposed to cover.

The last time the JURI Committee of the European Parliament took an interest in the EPO was back in 2015 when the UPC project looked like it was ready to take off.

On that occasion, in May 2015, a delegation of MEPs from the JURI Committee went on a junket to visit the EPO headquarters in Munich, where they were wined and dined by Benoît Battistelli and "Mrs UPC" Margot Fröhlinger.

Of course the MEPs didn’t make any effort to speak to EPO staff or to the Staff Union SUEPO so all they got was one-sided PR spin from Team Battistelli.

Some time later in June 2015, Battistelli appeared before the JURI Committee. (warning: epo.org link)

Battistelli was given a very easy ride by the MEPs, most of whom didn’t appear to have much of a clue about what was going on at the EPO.

The only critical question came from the Greek MEP, Kostas Chrysogonos, who asked about the state of labour relations at the EPO.

Battistelli just brushed this aside with his usual bluff and bluster. A recording of that hearing is available on the website of the European Parliament.

Battistelli appeared for a further hearing before the JURI Committee on 23 March 2017 [PDF] to report on “The Unitary Patent: state of play”. Once again Battistelli was given a very easy ride by the MEPs.

JURI UPC

So it will be interesting to see what happens on Monday when Campinos appears before the JURI Committee. Will it be business as usual or is somebody finally going to start asking the questions that need to be asked?

Some MEPs have been briefed about ongoing governance deficits at the EPO, in particular the lack of GDPR compliance and the sell-out of "digital sovereignty" to Microsoft, but it remains to be seen whether or not they will dare to bring these issues up during the hearing.
