China’s new anti-terror law: No backdoors, but decryption on demand

Companies must provide “decryption and other technical support assistance”

(credit: 东方)

China has passed new anti-terrorism legislation that requires telecoms and Internet companies to provide "technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law" (Article 18). Chinese authorities must be able to carry out surveillance on all services, including encrypted communications. However, there is no explicit requirement to add backdoors to systems, as was proposed in an earlier draft version of the law published in January 2015.

Article 19 of the new law spells out the requirements in more detail: "Telecommunications operators and internet service providers shall, according to provisions of law and administrative regulations, put into practice network security systems and information content monitoring systems, technical prevention and safety measures, to avoid the dissemination of information with terrorist or extremist content."

In addition, where "information with terrorist or extremist content" is discovered, its dissemination must be halted, websites closed, records saved, and a report made to "public security organs." This also applies to information held outside China: "Departments for network communications shall adopt technical measures to interrupt transmission of information with terrorist or extremist content that crosses borders online."

UK police busts karaoke “gang” for sharing songs that aren’t commercially available

Three old guys giving away karaoke tunes is now a “commercial-scale gang.”

(credit: KaraokeRG)

The City of London Police's Intellectual Property Crime Unit (PIPCU) claims to have "dismantled a gang suspected of uploading and distributing tens of thousands of karaoke tracks online." However, it turns out that this "gang" is actually three blokes, aged 60, 53, and 50: one man from Barnstaple, Devon and two men living in Bury, Lancashire.

PIPCU's press release says: "hundreds of albums have had their copyright uploaded by the men, leading to thousands and thousands of tracks being accessed illegally and depriving legitimate music companies of a significant amount of money." That sounds dramatic, but once again the reality is rather different.

An online list of the karaoke titles provided by the "gang," which calls itself KaraokeRG, says: "They were created primarily because they are not available from any professional karaoke manufacturers." This means that far from losing "a significant amount of money," music companies were actually deprived of little or nothing, since there were no legal copies that people could pay for.

UK citizens may soon need licenses to photograph some stuff they already own

Copyright strikes again, with photographers and publishers hit particularly hard.

(credit: sailko)

Changes to UK copyright law will soon mean that you may need to take out a licence to photograph classic designer objects even if you own them. That's the result of the Enterprise and Regulatory Reform Act 2013, which extends the copyright of artistic objects like designer chairs from 25 years after they were first marketed, to 70 years after the creator's death. In most cases that will be well over a hundred years after the object was designed. During that period, taking a photo of the item will often require a licence from the copyright owner, regardless of who owns the particular object in question.

The UK government is holding a consultation into when this change should enter into force: after a six-month, three-year, or five-year transitional period. The Digital Reader quotes an article in The Bookseller that puts the starting date as October 2016, but without citing its source. In any case, the change is definitely coming, and quite soon.

As with the recent announcement that it is once again illegal to make private copies of music you own, it is unlikely that the public will pay much attention to this latest example of copyright being completely out of touch with how people actually use digital technology. But for professionals, the consequences will be serious, and not so easily ignored.

New EU copyright rules would give travelers cross-border Netflix access

Rules keep geo-blocking in place, could also introduce “Google tax” on snippets.

(credit: Parti socialiste)

The European Commission's new "modern, more European" copyright framework, unveiled today, has ruled out a tax on hyperlinks. But it could still lead to the introduction of a Europe-wide ancillary copyright that would require people to pay a licensing fee for the use of short snippets online. This confirms earlier reports that the EU Commissioner for Digital Economy and Society, Günther Oettinger, was "open" to the idea of imposing a "Google tax" on the use of snippets.

On the issue of ancillary copyright, also known as a Google tax, the document detailing the European Commission's plans contains the following comment: "the situation raises questions about whether the current set of rights recognised in EU law is sufficient and well-designed. For news aggregators, in particular, solutions have been attempted in certain Member States, but they carry the risk of more fragmentation in the digital single market."

The "solutions" refer to attempts by Germany and Spain to require search engines—particularly Google—to pay publishers for using snippets from their publications in search results. As Ars reported in July, these have been unmitigated failures, and it's troubling to see the European Commission countenance the idea of extending a Google tax to the whole of the EU on the pretext of addressing "fragmentation" in the digital single market.

New EU cybersecurity rules neutered by future backdoors, weakened crypto

Critical providers must ensure infrastructure is robust and report major incidents.

(credit: Bengt Oberger)

The European Union has drawn up a set of rules governing the security of the region's digital infrastructure. Under the framework provisionally agreed last night by Members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers, transport, energy and other key companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is resilient enough to withstand online attacks. Similarly, major digital marketplaces like eBay or Amazon, search engines, and cloud services will be required to ensure that their infrastructure is secure, and to report major incidents. Smaller digital companies will be exempt from these requirements.

As a press release from the European Parliament explains: "MEPs put an end to current fragmentation of 28 cybersecurity systems by listing sectors—energy, transport, banking, financial market, health and water supply—in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks. These companies must also be ready to report serious security breaches to public authorities."

Member states will be required to identify "operators of essential services" from these key sectors, using various criteria such as whether the service is critical for society and the economy, whether it depends on network and information systems, and whether an incident could have significant disruptive effects on its provision, or public safety.

After Safe Harbor ruling, legal moves to stop Facebook from sending data to US

Similar legal action may be taken against Apple, Google, Microsoft, and Yahoo.

(credit: Aurich Lawson)

The Austrian privacy activist Max Schrems has sent complaints to the data protection agencies in three EU countries—Ireland, Germany, and Belgium—asking them to suspend the flow of personal data from Facebook's operations in Ireland to the US. This follows his earlier success at the Court of Justice of the European Union (CJEU), which ruled that the Safe Harbour framework under which personal data was being transferred was no longer valid because of mass surveillance of EU citizens by the NSA. Subsequently, the Irish High Court said that the Irish data protection commissioner (DPC) was obliged to investigate Schrems' earlier complaints.

His letter to the authorities in Ireland, where Facebook has its European headquarters, asks the Irish data protection agency "to suspend all data flows from 'Facebook Ireland Ltd' to 'Facebook Inc'." Schrems makes the same request to the data protection agencies in Germany and Belgium. In a release accompanying his complaints, Schrems explains why he has taken this unusual approach of involving several data protection agencies (DPAs): "My personal experience with the Irish DPC are rather mixed, which is why I felt involving more active DPAs make proper enforcement actions more likely. I hope the DPAs will cooperate in this case."

Schrems' unhappiness with the way the Irish DPC has dealt with his earlier complaints, and his fear that it still might not implement the CJEU ruling, is evident in a section of his new submission that is headed "Misconduct in public office." It contains the following extraordinary passage:
