An anonymous reader quotes a report from TorrentFreak: When the French government formed a new anti-piracy agency called Hadopi, the mission was to significantly disrupt BitTorrent and similar peer-to-peer file-sharing networks. Hadopi was a pioneer of the so-called "graduated response" scheme which consists of monitoring a file-sharer's internet activities and following up with a warning notice to deter their behavior. Any future incidents attract escalating responses including fines and internet disconnections. Between 2010 and 2020, Hadopi issued 12.7 million warning notices at a cost to French taxpayers of 82 million euros. The program's effect on overall piracy rates remains up for debate but according to French internet rights groups, Hadopi doesn't just take citizens' money. When it monitors citizens' internet activities, retains huge amounts of data, and then links identities to IP addresses to prevent behavior that isn't a "serious crime," Hadopi violates fundamental rights.

Despite its authorization under the new law, the official launch of the Hadopi agency in 2009 met with significant opposition. File-sharers had issues with the program for obvious reasons but for digital rights group La Quadrature du Net, massive internet surveillance to protect copying rights had arrived at the expense of citizens' fundamental right to privacy. La Quadrature's opposition to the Hadopi anti-piracy program focuses on the law crafted to support it. One of the implementing decrees authorizes the creation of files containing internet users' IP addresses plus personal identification data obtained from their internet service providers. According to the digital rights group's interpretation of EU law, that is unlawful.

With support from the Federation of Associative Internet Service Providers, French Data Network, and Franciliens.net, in 2019 La Quadrature filed an appeal before the Council of State (Conseil d'Etat), requesting a repeal of the decree that authorizes the processing of personal information. The Council of State referred the matter to the Constitutional Council and its subsequent decision gave La Quadrature the impression that Hadopi's position was untenable. For their part, Hadopi and the government reached the opposite conclusion. The Council of State heard La Quadrature's appeal and then referred questions to the Court of Justice of the European Union (CJEU) for interpretation under EU law. In CJEU Advocate General Szpunar's non-binding opinion issued last October, friction between privacy rights and the ability to enforce copyrights were on full display. [...] Faced with an opinion that recognizes difficulties faced by rightsholders but runs up against case-law, AG Szpunar proposed "readjustment of the case-law of the Court." This would ensure that rightsholders retain the ability to enforce their rights, when an IP address is the only means by which an infringer can be identified (CJEU, pdf). The first court hearing occurred on Tuesday, and a further legal opinion is expected in late September 2023. The ruling from the CJEU is expected before the end of the year.

The UK government has announced an investment of up to $1.25 billion in the domestic semiconductor industry, but has been criticised for declining to join the spending race that has seen the US and EU announce significantly bigger programmes. From a report: Labour accused the government of lacking ambition in its announcement, while one UK startup said the 1bn pound figure was less than the cost of one basic semiconductor plant. The U's long-awaited national semiconductor strategy would focus on the country's existing strengths in the technology. Semiconductors, or microchips, are the "brains" of electronic devices, formed by wafers of silicon that are key to most forms of modern technology, from cars, smartphones and kitchen devices to power stations. Under the strategy, the planned decade-long investment would be targeted at areas such as design, research and development. "Semiconductors underpin the devices we use every day and will be crucial to advancing the technologies of tomorrow," said the prime minister, Rishi Sunak. "Our new strategy focuses our efforts on where our strengths lie, in areas like research and design, so we can build our competitive edge on the global stage."

Big tech companies accounting for more than 5% of a telecoms provider's peak average internet traffic should help fund the rollout of 5G and broadband across Europe, according to a draft proposal by the telecoms industry. From a report: The proposal is part of feedback to the European Commission which launched a consultation into the issue in February. The deadline for responses is Friday. Alphabet's Google, Apple, Facebook-owner Meta, Amazon, Netflix and TikTok would most likely be hit with fees, according to industry estimates. Google, Apple, Meta, Netflix, Amazon and Microsoft together account for more than half of data internet traffic.

The document, which was reviewed by Reuters and has not been published, was compiled by telecoms lobbying groups GSMA and ETNO. They represent 160 operators in Europe, including Deutsche Telekom, Orange, Telefonica and Telecom Italia. Telecom operators have lobbied for years for leading technology companies to help foot the bill for 5G and broadband roll-out, saying that they create a huge part of the region's internet traffic. This is the first time they have tried to define a threshold for who should pay.

European Union states on Tuesday gave the final nod to the world's first comprehensive set of rules to regulate cryptoassets on Tuesday, piling pressure on countries such as Britain and the United States to play catch up. From a report: An EU finance minister meeting in Brussels approved rules that were thrashed out with the European Parliament, which gave its approval in April. The rules are expected to be rolled out from 2024. Regulating crypto has become more urgent for regulators after the collapse of crypto exchange FTX. "Recent events have confirmed the urgent need for imposing rules which will better protect Europeans who have invested in these assets, and prevent the misuse of crypto industry for the purposes of money laundering and financing of terrorism," said Elisabeth Svantesson, finance minister for Sweden, which holds the EU presidency.

The rules require firms that want to issue, trade and safeguard cryptoassets, tokenised assets and stablecoins in the 27 country bloc to obtain a licence. Ministers took steps to combat tax evasion and the use of cryptoasset transfers for money laundering by making transactions easier to trace. They agreed on a requirement that from January 2026 service providers obtain the name of senders and beneficiaries in cryptoassets, regardless of the amount being transferred.

Microsoft's Azure cloud business has been targeted by the European Union's antitrust arm, amid concerns the US software firm is leveraging its market power to squeeze out rivals. From a report: As part of an informal probe, regulators are quizzing competitors and customers about how Microsoft may be abusing its access to business-sensitive information belonging to cloud firms it has commercial dealings with, according to documents seen by Bloomberg. EU antitrust enforcers want to know whether Microsoft then leverages such confidential information to compete with cloud-service providers on the market, said two people familiar with the matter, who spoke on condition of anonymity.

The EU's escalation follows on the heels of a series of complaints from cloud firms over Microsoft's behavior -- including CISPE, an industry group with links to Amazon.com's Amazon Web Services. The scrutiny of cloud competition coincides with Microsoft's efforts to convince regulators around the world to approve its $69 billion acquisition of Activision Blizzard, publisher of blockbuster game Call of Duty. The European Commission, the EU watchdog, on Monday conditionally approved the tie-up, just weeks after the UK's competition authority vetoed it.

European regulators have approved Microsoft's $69 billion acquisition of Activision Blizzard, handing the technology giant a victory at a time when the deal is being challenged in other countries. From a report: While the merger could harm competition in some respects, particularly in the fast-growing market for cloud gaming services, concessions by Microsoft were enough to mitigate antitrust concerns stemming from the deal, the European Commission said in a statement. Among Microsoft's offers were a 10-year commitment letting European consumers play Activision titles on any cloud gaming service. Microsoft also committed that it would not downgrade the quality or content of its games made available on rival streaming platforms.

The European Union plans to force crypto companies to give tax authorities details of their clients' holdings, according to a draft bill released to CoinDesk under freedom of information laws. From a report: The data-sharing law, based on a model from the Organization for Economic Cooperation and Development (OECD), is set to be agreed by finance ministers next week, and will allow tax authorities to share data within the 27-nation bloc. Commission officials have said the bill received unanimous acclaim at a meeting on Wednesday, though people familiar with the matter told CoinDesk that some finance ministers have not yet received formal approval from parliaments.

The bill, dated May 5, closely matches proposals made by the European Commission in December 2022, as part of a bid to stop EU residents stashing crypto abroad to hide it from the taxman. The commission would have to set up a register of crypto asset operators' by December 2025, bringing forward a previous deadline by one year, and the rules will apply as of Jan. 1, 2026. Controversially, the law -- known as the eighth directive on administrative cooperation (DAC8) -- still includes platforms for trading non-fungible tokens that can be used for payment or investment, and providers from outside the bloc that have EU clients.

The EU is planning an undersea internet cable to improve connectivity to Georgia and reduce dependence on lines running through Russia, amid growing concerns about vulnerabilities to infrastructure transmitting global data. From a report: The $49mn cable will link EU member states to the Caucasus via international waters in the Black Sea, stretching a span of 1,100km. The project aims to reduce the region's "dependency on terrestrial fibre-optic connectivity transiting via Russia," the European Commission said in a policy document. The EU and Georgia jointly identified the need for the Black Sea internet cable in 2021 to improve Georgia's digital connectivity. However, the war in Ukraine has added impetus to the project, given the need to avoid relying on "connections that are not secure or stable," said a person with knowledge of the proposal.

Internet cables have come under scrutiny because of global concerns around espionage, as land-based lines and the stations where submarine cables come ashore are seen as vulnerable to interception by governments, hackers and thieves. Concerns around intentional sabotage of undersea cables and other maritime infrastructure have also grown since multiple explosions on the Nord Stream gas pipelines last September, which media reports recently linked to Russian vessels. Two cables off the coast of Norway were cut in 2021 and 2022, sparking concerns about malicious attacks.

At I/O 2023 earlier this week, Google announced that it's expanding its AI chatbot Google Bard to 180 countries. However, what Google didn't mention is that Bard still isn't available in the European Union. From a report: On a support page, Google details the full list of 180 countries in which Bard is now available. This includes countries all over the globe, but very noticeably not any countries that are a part of the European Union. It's a big absence from what is otherwise a global expansion for Google's AI. The reason why isn't officially stated by Google, but it seems reasonable to believe that it's related to GDPR. Just last month, Italy briefly banned ChatGPT over similar concerns that the AI couldn't comply with the regulations. Google also slyly hints this might be the case saying that further Bard expansions will be made "consistent with local regulations."

Veteran open source report Steven J. Vaughan-Nichols, writing at The Register: We can all agree that securing our software is a good thing. Thanks to one security fiasco after another -- the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong -- we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security. At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely. Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

But the EU commissioners don't have a clue about how open source software works. Or, frankly, what it is. They think that open source is the same as proprietary software with a single company behind it that's responsible for the work and then monetizes it. Nope. Open source, as I've said over and over again, is not a business model. Sure, you can build businesses around it. Who doesn't these days? But just as the AWSes, Googles, and Facebooks of the world depend on open source software, they also use programs written by Tom, Denise, and Harry from around the world. The CRA's underlying assumption is that you can just add security to software, like adding a new color option to your car's paint job. We wish!

Securing software is a long, painful process. Many open source developers have neither the revenue nor resources to secure their programs to a government standard. The notional open source developer in Nebraska, thanklessly maintaining a vital small program, may not even know where Brussels is (it's in Belgium). They can't afford to secure their software to meet EU specifications. They often have no revenue. They certainly have no control over who uses their software. It's open source, for pity's sake! As open source developer Thomas Depierre recently blogged: "We are not suppliers. All the people writing and maintaining these projects, we are not suppliers. We do not have a business relationship with all these organizations. We are volunteers, writing code and putting it online under these Licenses." Exactly.

An anonymous reader shares an excerpt from a collaborative investigation between Motherboard, lavialibera, and IrpiMedia: Mafioso Bartolo Bruzzaniti needed everyone to do their job just right. First, the Colombian suppliers would hide a massive amount of cocaine inside bananas at the port city of Turbo, Colombia. That shipping container would then be transported across the ocean to Catania, in Sicily, Italy. A corrupt port worker on the mafia's payroll would wave the shipment through and had advised the group how to package the drugs. This was so the cocaine could remain undetected even if the worker was forced to scan the shipment. Another group of on-the-ground mafiosos would then unload the cocaine outside of the port.

In March 2021, Bruzzaniti, an alleged member of the infamous 'Ndrangheta mafia group and who says Milan belongs to him "by right," asked his brother Antonio to go fetch something else crucial to the traffickers' success. "Go right now," Bruzzaniti wrote in a text message later produced in court records. "It's needed urgently." Investigators know what Bruzzaniti said because European authorities had penetrated an encrypted phone network called Sky and harvested around a billion of the users' messages. These phones are the technological backbone of organized crime around the world.

The thing Antonio needed to urgently fetch was a phone from a different encrypted phone network, one that the authorities appear to have not compromised and which the mafia have been using as part of their operations. To that phone, a contact sent one half of the shipping container's serial number. A reporting collaboration between Motherboard, lavialibera, and IrpiMedia has identified that encrypted phone as being run by a company called No. 1 Business Communication (No. 1 BC). The investigation has found members of the mafia and other organized crime groups turning to No. 1 BC as authorities cracked down on other platforms. The collaboration has identified multiple key players in No. 1 BC's development, sales, and legal structure. "Take the bc1 right away," Bruzzaniti wrote in another text, referring to the No. 1 BC phone.

EU lawmakers on Thursday urged the European Commission to continue talks to reinforce a proposed data transfer pact with the United States, saying there were still shortcomings in the agreement. From a report: The move could further delay an accord which is critical for thousands of companies. The EU executive in a draft decision in December said that U.S. safeguards against American intelligence activities were strong enough to address EU data privacy concerns. Such worries had prompted Europe's top court to strike down two previous data transfer pacts, affecting thousands of companies that move Europeans' personal data across the Atlantic for commercial use such as financial services, human resources and e-commerce. "This new proposal contains significant improvements, but unfortunately, we are not there yet," lawmaker Juan Fernando Lopez Aguilar said after the assembly voted in a non-binding resolution against the proposed pact.

European lawmakers came a step closer to passing new rules regulating artificial intelligence tools such as ChatGPT, following a crunch vote on Thursday where they agreed tougher draft legislation. From a report: The European Union's highly anticipated AI Act looks set to be the world's first comprehensive legislation governing the technology, with new rules around the use of facial recognition, biometric surveillance, and other AI applications. After two years of negotiations, the bill is now expected to move to the next stage of the process, in which lawmakers finalise its details with the European Commission and individual member states.

Speaking ahead of the vote by two lawmakers' committees, Dragos Tudorache, one of the parliamentarians (MEPs) charged with drafting the laws, said: "It is a delicate deal. But it is a package that I think gives something to everyone that participated in these negotiations. Our societies expect us to do something determined about artificial intelligence, and the impact it has on their lives. It's enough to turn on the TV ... in the last two or three months, and every day you see how important this is becoming for citizens." Under the proposals, AI tools will be classified according to their perceived level of risk, from low to unacceptable. Governments and companies using these tools will have different obligations, depending on the risk level.

Clearview AI, the US startup that's attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the Internet and used people's data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator. From a report: The overdue penalty payment of $5.7M has been issued by the French regulator, the CNIL -- on top of a $22M sanction it slapped the company with last year for breaching regional privacy rules. The European Union's General Data Protection Regulation (GDPR) sets out conditions for processing personal data lawfully. Clearview has been found to have breached a number of requirements set out in law -- by France's CNIL and several other regional data protection authorities, including authorities in the UK, Italy and Greece, garnering several tens of millions in total fines to date. Whether Clearview will ever pay any of these fines remains an open question, since the US-based company has not been cooperating with EU regulators.

An anonymous reader shares a report: When Mohamed Maslouh, a London-based contractor, was assigned to enter data into Google's internal gHire recruitment system last September, he noticed something surprising. The database contained the profiles of thousands of people in the EU and U.K. whose names, phone numbers, personal email addresses and resumes dated back as far as 2011. Maslouh knew something was amiss, as he had received data-protection training from Randstad, the European human-resources giant that employed him, and was aware of the EU's five-year-old General Data Protection Regulation (GDPR), which remained part of British law after Brexit.

Under the law, companies in the European Union and U.K. may not hang onto anyone's personal data -- that is, information relating to any identifiable living person -- for longer than is strictly necessary, which generally means a maximum retention time measured in weeks or months. Google may now face investigations over potential violations of the GDPR, after Maslouh filed protected whistleblower complaints with the U.K. Information Commissioner's Office in November and with the Irish Data Protection Commission (DPC) -- which has jurisdiction over Google's activities in the EU -- in February.

An anonymous reader quotes a report from The Guardian: An EU plan under which all WhatsApp, iMessage and Snapchat accounts could be screened for child abuse content has hit a significant obstacle after internal legal advice said it would probably be annulled by the courts for breaching users' rights. Under the proposed "chat controls" regulation, any encrypted service provider could be forced to survey billions of messages, videos and photos for "identifiers" of certain types of content where it was suspected a service was being used to disseminate harmful material. The providers issued with a so-called "detection order" by national bodies would have to alert police if they found evidence of suspected harmful content being shared or the grooming of children.

Privacy campaigners and the service providers have already warned that the proposed EU regulation and a similar online safety bill in the UK risk end-to-end encryption services such as WhatsApp disappearing from Europe. Now leaked internal EU legal advice, which was presented to diplomats from the bloc's member states on 27 April and has been seen by the Guardian, raises significant doubts about the lawfulness of the regulation unveiled by the European Commission in May last year. The legal service of the council of the EU, the decision-making body led by national ministers, has advised the proposed regulation poses a "particularly serious limitation to the rights to privacy and personal data" and that there is a "serious risk" of it falling foul of a judicial review on multiple grounds.

The EU lawyers write that the draft regulation "would require the general and indiscriminate screening of the data processed by a specific service provider, and apply without distinction to all the persons using that specific service, without those persons being, even indirectly, in a situation liable to give rise to criminal prosecution." The legal service goes on to warn that the European court of justice has previously judged the screening of communications metadata is "proportionate only for the purpose of safeguarding national security" and therefore "it is rather unlikely that similar screening of content of communications for the purpose of combating crime of child sexual abuse would be found proportionate, let alone with regard to the conduct not constituting criminal offenses." The lawyers conclude the proposed regulation is at "serious risk of exceeding the limits of what is appropriate and necessary in order to meet the legitimate objectives pursued, and therefore of failing to comply with the principle of proportionality". The legal service is also concerned about the introduction of age verification technology and processes to popular encrypted services. "The lawyers write that this would necessarily involve the mass profiling of users, or the biometric analysis of the user's face or voice, or alternatively the use of a digital certification system they note 'would necessarily add another layer of interference with the rights and freedoms of the users,'" reports the Guardian.

"Despite the advice, it is understood that 10 EU member states -- Belgium, Bulgaria, Cyprus, Hungary, Ireland, Italy, Latvia, Lithuania, Romania and Spain -- back continuing with the regulation without amendment."

An anonymous reader shares a report: Last year, the EU passed legislation that will require the iPhone and many other devices with wired charging to be equipped with a USB-C port in order to be sold in the region. Apple has until December 28, 2024 to adhere to the law, but the switch from Lightning to USB-C is expected to happen with iPhone 15 models later this year. It was rumored in February that Apple may be planning to limit charging speeds and other functionality of USB-C cables that are not certified under its "Made for iPhone" program. Like the Lightning port on existing iPhones, a small chip inside the USB-C port on iPhone 15 models would confirm the authenticity of the USB-C cable connected. "I believe Apple will optimize the fast charging performance of MFi-certified chargers for the iPhone 15," Apple analyst Ming-Chi Kuo said in March.

In response to this rumor, European Commissioner Thierry Breton has sent Apple a letter warning the company that limiting the functionality of USB-C cables would not be permitted and would prevent iPhones from being sold in the EU when the law goes into effect, according to German newspaper Die Zeit. The letter was obtained by German press agency DPA, and the report says the EU also warned Apple during a meeting in mid-March.

The EU has been warned that it risks handing control of artificial intelligence to US tech firms if it does not act to protect grassroots research in its forthcoming AI bill. From a report: In an open letter coordinated by the German research group Laion, or Large-scale AI Open Network, the European parliament was told that "one-size-fits-all" rules risked eliminating open research and development. "Rules that require a researcher or developer to monitor or control downstream use could make it impossible to release open-source AI in Europe," which would "entrench large firms" and "hamper efforts to improve transparency, reduce competition, limit academic freedom, and drive investment in AI overseas," the letter says.

It adds: "Europe cannot afford to lose AI sovereignty. Eliminating open-source R&D will leave the European scientific community and economy critically dependent on a handful of foreign and proprietary firms for essential AI infrastructure." The largest AI efforts, by companies such as OpenAI and Google, are heavily controlled by their creators. It is impossible to download the model behind ChatGPT, for instance, and the paid-for access that OpenAI provides to customers comes with a number of restrictions, legal and technical, on how it can be used. By contrast, open-source AI efforts involve creating an AI model and then releasing it for anyone to use, improve or adapt as they see fit.

Microsoft has offered to charge different prices for its Office product with and without its Teams app to stave off a possible EU antitrust investigation and fine, two people familiar with the matter said. From a report: Microsoft has been seeking to address the EU competition enforcer's concerns since last year after Salesforce-owned workspace messaging app Slack complained to the European Commission, other people familiar with the matter told Reuters in December. Slack in 2020 alleged that Microsoft has unfairly integrated its workplace chat and video app Teams into its Office product. The U.S. tech giant introduced Teams in 2017 targeting the fast-growing and lucrative workplace collaboration market. The European Commission on Thursday said there were other complainants besides Slack.

The low-profile firm that has become crucial to a half-trillion-dollar global industry. From a report: In 1984, Martin van den Brink, a young Dutch engineer, joined a newly created venture in a quiet corner of the Netherlands. Little did he know then that about 40 years on the company would be so crucial to the $580 billion semiconductor industry that it would be the epicenter of a US-China chip war. ASML Holding NV, where Van den Brink is now the chief technology officer, practically owns the market for a critical piece of equipment needed to produce the brains of everything that makes modern life possible -- from cars and smartphones to computers, microwaves and airplanes. With the company's high-end machines churning out chips that can also go into state-of-the-art weapons and artificial intelligence devices, ASML is effectively being treated as critical infrastructure for US national security and has become a target of industrial espionage for China. "I never expected to be where we are today," said Van den Brink.

Over his nearly four decades at the company, ASML has gone from a bit player competing with the likes of Nikon, Canon and Ultratech to the world's only maker of very high-end semiconductor lithography equipment. Its ascent has made it Europe's most valuable technology company, with a market capitalization of over $247 billion -- more than twice that of its customer Intel. In an industry where devices typically cost $10 million, ASML commands about $180 million for its current top-end machine. And although the chip market has softened recently, ASML is still growing and its long-term outlook seems intact, thanks to the insatiable demand for computing power.

"This is a company that the world can't exist without," said Jon Bathgate, a fund manager at NZS Capital in Denver, which has about $2 billion under management, with ASML as one of its biggest holdings. "They've got a 20-year head start... Investors have clearly realized how important ASML is as a company and how difficult it would be to replicate. It's a natural monopoly with secular growth winds. That's unique." As chips become for geopolitics in the 21st century what oil was in the last one, ASML's singular success has thrust it squarely in the crosshairs of the intensifying tensions between the US and China. With the US focused on the strategic importance of semiconductors, Presidents Donald Trump and Joe Biden have done everything to ensure that China is a couple of generations behind in chips. No company is more critical to that effort than ASML.