An Austrian student has kicked off a movement that pits EU privacy rules against Facebook's data collection practices. Max Schrems requested a copy of the data Facebook had collected on him (which Facebook is required to provide under EU law) and found himself with more than 1,000 pages of data that demonstrated several clear breaches of EU privacy laws. Kim Cameron has a good writeup on the ensuing complaints that Schrems filed:

Max is a 24 year old law student from Vienna with a flair for the interview and plenty of smarts about both technology and legal issues. In Europe there is a requirement that entities with data about individuals make it available to them if they request it. That’s how Max ended up with a personalized CD from Facebook that he printed out on a stack of paper more than a thousand pages thick (see image below). Analysing it, he came to the conclusion that Facebook is engineered to break many of the requirements of European data protection. He argues that the record Facebook provided him finds them to be in flagrante delicto.

The logical next step was a series of 22 lucid and well-reasoned complaints that he submitted to the Irish Data Protection Commissioner (Facebook states that European users have a relationship with the Irish Facebook subsidiary). This was followed by another perfectly executed move: setting up a web site called Europe versus Facebook that does everything right in terms using web technology to mount a campaign against a commercial enterprise that depends on its public relations to succeed.

Europe versus Facebook, which seems eventually to have become an organization, then opened its own YouTube channel. As part of the documentation, they publicised the procedure Max used to get his personal CD. Somehow this recipe found its way to reddit where it ended up on a couple of top ten lists. So many people applied for their own CDs that Facebook had to send out an email indicating it was unable to comply with the requirement that it provide the information within a 40 day period.

Europeans: this Saturday marks the fifth annual Freedom Not Fear day, when Europeans take to the streets to ask their governments to respond to extremists and terror attacks by affirming the values of a free society, not by taking them away. This year, activists are converging on Brussels to ask the EU to stop pretending that you can keep a society safe by taking away its liberties.

As the world reflects on the decade following September 11th, Freedom not Fear protesters are attempting to reverse the unfortunate post-911 legacy of online anti-privacy measures. In the wake of 9/11, international government responses had significant impact on Internet privacy. The “war on terror” rhetoric enabled one of the most effective international policy laundering campaigns to quickly enact unpopular and often covert policies with minimal fanfare. Within 45 days of 9/11, then-president George W. Bush already sent his much-wanted surveillance wish list to the European Union. In a letter to the European Commission President in Brussels, the United States sets out a blueprint for privacy erosions the EU could undertake that have sacrificed privacy for little gain in the struggle against terrorism.

The letter called on the EU to eliminate existing privacy protections so that online companies would be free to retain their customers’ online activities: “[r]evise draft privacy directives that call for mandatory destruction to permit the retention of critical data for a reasonable period.” What did this proposed revision mean? One of the key European privacy protections is the data minimization principle. This provision compels companies to limit their collection of personal information to a specific purpose [e.g., billing], and keep their data for only a specific period of time before destroying or irreversibly anonymizing it. This helps prevent online companies from developing sweeping databases on their customers’ activities, while the U.S. Government wished to encourage retention of everyone’s data, whether innocent or not, so investigators will have access to it

Freedom Not Fear: Ending A Decade Long Legacy of International Privacy Erosion

Michael "Big Short" Lewis continues his tour of the imploding Eurozone (previously: Ireland) with a stop in Germany, who hold all the cards in the European financial crisis. As always, Lewis is lucid, persuasive, entertaining and controversial. It's a long piece, but well, well worth the time.

The deputy finance minister further disturbs my wild assumptions about him by speaking clearly, even recklessly, about subjects most finance ministers believe it is their job to obscure. He offers up, without much prompting, that he has just finished reading the latest unpublished report by I.M.F. investigators on the progress made by the Greek government in reforming itself.

“They have not sufficiently implemented the measures they have promised to implement,” he says simply. “And they have a massive problem still with revenue collection. Not with the tax law itself. It’s the collection which needs to be overhauled.”

Greeks are still refusing to pay their taxes, in other words. But it is only one of many Greek sins. “They are also having a problem with the structural reform. Their labor market is changing—but not as fast as it needs to,” he continues. “Due to the developments in the last 10 years, a similar job in Germany pays 55,000 euros. In Greece it is 70,000.” To get around pay restraints in the calendar year the Greek government simply paid employees a 13th and even 14th monthly salary—months that didn’t exist. “There needs to be a change of the relationship between people and the government,” he continues. “It is not a task that can be done in three months. You need time.” He couldn’t put it more bluntly: if the Greeks and the Germans are to coexist in a currency union, the Greeks need to change who they are.

It’s the Economy, Dummkopf! (via Super Punch)

(Image: Run on Berlin Bank when War Declared, No Date, WWI, Bain Collection (LOC), a Creative Commons Attribution Share-Alike (2.0) image from pingnews's photostream)

Bruce Schneier rounds up a series of links about problems with airport full-body "pornoscanners." The German police call them "useless" (35 percent of fliers repeatedly set them off, though they weren't carrying anything dangerous), some scanners are set off by sweaty armpits, and the European Parliament requires EU aviation authorities to allow you to opt out of full body scans (both UK and Dutch airports have a "get scanned or don't fly" requirement for people pulled for full-body scans). Here a bit from the Agence France Presse:

The report said the machines were confused by several layers of clothing, boots, zip fasteners and even pleats, while in 10 percent of cases the passenger's posture set them off.

The police called for the scanners to be made less sensitive to movements and certain types of clothing and the software to be improved. They also said the US manufacturer L3 Communications should make them work faster.

In the wake of the 10-month trial which began on September 27 last year, German federal police see no interest in carrying out any more tests with the scanners until new more effective models become available, Welt am Sonntag said.

German Police Call Airport Full-Body Scanners Useless