The European Commission has announced that it's adopting new rules around open source software which will see it release software under open source licenses. From a report: The decision follows a Commission study that found investment in open source software leads on average to four times higher returns. There has also been a push for this type of action from the Public Money, Public Code campaign. If you're wondering what sort of code the EC could offer to the world, it gave two examples. First, there's its eSignature, a set of free standards, tools, and services that can speed up the creation and verification of electronic signatures that are legally valid inside the EU. Another example is LEOS (Legislation Editing Open Software) which is used to draft legal texts.

Gig economy companies operating in the European Union, such as Uber and Deliveroo, must ensure workers get the minimum wage, access to sick pay, holidays and other employment rights, unless they use genuinely independent contractors, under plans for new laws to crack down on fake self-employment. From a report: Publishing long-awaited draft legislation on Thursday, the European Commission said the burden of proof on employment status would shift to companies, rather than the individuals that work for them. Until now, gig economy workers have had to go to court to prove they are employees, or risk being denied basic rights. Nicolas Schmit, EU commissioner for jobs and social rights, told the Guardian and other European newspapers that internet platforms "have used grey zones in our legislation [and] all possible ambiguities" to develop their business models, resulting in a "misclassification" of millions of workers.

An anonymous reader quotes a report from Reuters: Britain's Dyson, which makes bagless vacuum cleaners, on Wednesday lost its fight for $198.4 million in compensation from the European Commission for alleged losses due to EU energy labelling rules. Dyson had challenged the rules introduced by the EU executive in 2014, saying the labelling requirements on vacuum cleaners discriminated against its technology, misled customers about the efficiency of some vacuum cleaners and unfairly benefited its German rivals.

It won the backing of the Luxembourg-based General Court, which in its 2018 ruling scrapped the EU energy labelling rules. Dyson subsequently went back to the same court seeking 176 million euros in compensation for losses allegedly incurred due to the rules. The court dismissed its claim. "By using the standardized empty receptacle testing method, the Commission did not manifestly and gravely disregard the limits on its discretion or commit a sufficiently serious breach of the principles of equal treatment and sound administration," judges said. Dyson said it would appeal.

Criminals have been selling fake vaccine certificates online and may be able to fool an EU system designed to verify the certificates' validity, researchers warn. BankInfoSecurity reports: [A] report released last week, "COVID-19 Vaccination Certificates in the Dark Web," which has not yet been peer-reviewed, notes that some darknet markets continue to sell supposed vaccine certificates for use in multiple countries. Four researchers - Dimitrios Georgoulias, Jens Myrup Pedersen, Morten Falch, Emmanouil Vasilomanolakis - who are all part of the Cyber Security Group at Aalborg University in Copenhagen, Denmark, reviewed vaccination certificate offerings from 17 marketplaces and 10 vendor shops. The researchers found that at least one vendor appears to be selling digital certificates, registered in Italy, that are being read as valid by mobile COVID-19 certificate-checking apps developed by both France and Denmark.

The Aalborg University researchers, however, note that many darknet markets forbid any listing containing any items related to COVID-19. But others, they say, do allow both physical and digital vaccine certificates to be offered for sale, and in some cases also "yellow vaccination cards" or other vaccination record cards that can be used as proof of vaccination, albeit only inside the country in which they were supposedly issued. "The listings are heavily focused on European countries and the United States, but there are also listings from other continents and countries, such as Brazil, Canada, Mexico and Australia," as well as Russia, the researchers write. "The pricing differs greatly between the different listings, with the cheapest certificate starting at $39 and the highest price reaching almost $2,800, which included both a physical and a digital certificate, registered in the United Kingdom," they write. Most markets accept bitcoin and monero cryptocurrencies as payment, they add, while a smaller number also take such digital coins as ethereum, cardano, litecoin and zcash. [...] The Aalborg University researchers note that buying a fake digital certificate gives the seller ample opportunity to scam a buyer.

If these fake COVID-19 certificates can indeed pass for valid ones, then one unanswered question remains: How? Many of the sites claim to have access to the systems used to issue certificates, either by hacking into them remotely, or having insiders who work at a healthcare or other health organization, the researchers say. "In the specific case of a listing on the Russian marketplace Hydra, the description even mentioned the exact location and hospital that the system was accessed from," they say. Another possibility, however, is that criminals have somehow stolen one or more private keys for the European system, which were issued to participating health organizations. If so, it would be difficult to revoke these keys, the researchers say, since doing so would invalidate what might be a large quantity of legitimate certificates too.

Germany's incoming government is throwing its weight behind a ban on the use of biometric identification technologies such as facial recognition in public places. From a report: According to their coalition deal, the Social Democrats (SPD), Greens and liberal Free Democrats (FDP) want to "exclude" biometric recognition in public spaces as well as automated state scoring systems by AI through European law. "Biometric recognition in public spaces as well as automated state scoring systems by AI are to be excluded under European law," reads the coalition agreement, presented on Wednesday.

The EU's Artificial Intelligence Act, proposed in April, creates product safety rules for "high risk" AI that is likely to cause harm to humans. It also bans certain "unacceptable" AI uses, such as social scoring and restricts the use of remote biometric identification in public places from law enforcement, unless it is to fight serious crime, such as terrorism. The AI Act's prohibitions are some of the bill's most contentious articles, and many European countries have yet to decide what they think. Germany's support of a ban could rally other countries to the same view. Belgium and Slovakia have already expressed their support.

According to Margrethe Vestager, EU's Commissioner for Competition, it's unlikely that the EU will ever become completely independent from other countries as far as semiconductor supply is concerned. Tom's Hardware reports: Leading contract makers of semiconductors -- such as Intel, Samsung Foundry, and Taiwan Semiconductor Manufacturing Co. -- spend around $30 billion per year on capital expenditures and billions on developing new process technologies. Analysts believe that a country, or a group of countries, that wants to build a competitive semiconductor industry locally would need to spend over $150 billion over a period of five years on direct help, tax breaks, and incentives. However, the chances of success are extremely low.

The EU official believes that such investments are impossible to make, which is why the bloc will continue to rely on internal and external chip supply. "The numbers I hear of, sort of, the upfront investments to be fully self-sufficient, that makes it not doable," said Vestager in an interview with CNBC. "What is important is that there is a different level of production capacity in Europe."

It is noteworthy that Europe does not produce smartphones or PCs, two kinds of applications that need chips made using leading-edge fabrication technologies. Meanwhile, the EU produces cars, consumer electronics, and other things that do not need chips made using the latest nodes. Thus, the bloc wants to expand production of chips for these products to protect its economy. It also does not want supply chains to be disrupted by China or tensions with the U.S. and Germany. At present, about 10% of the global chip supply is produced in Europe, down from 40% in 1990. The current goal that the block has is to expand its global chip production market share to 20% by 2030, which is already a very ambitious goal as chip manufacturing is growing. Vestager admits that to accomplish this goal, the EU needs to support local makers of semiconductors. Unfortunately, Margrethe Vestager does not announce any particular plans at this time.

Companies that run food delivery and ride-hailing apps are concerned that the European Union will push for gig workers to be considered employees rather than self-employed under a forthcoming proposal aimed at bolstering their labor rights. From a report: The draft European Commission proposal, seen by Bloomberg, would apply to any company that controls digital workers' performance by determining pay, controlling communication with customers, or offering future work based on previous performance -- a move that would be sure to hit companies like Uber Technologies, Deliveroo and Bolt Technology if implemented. These workers would have the "rebuttable presumption of employment," according to the draft, which would mean there is an employment arrangement no matter how the contract is worded. The EU's executive arm doesn't have the authority to mandate labor laws across the bloc and would leave it to EU countries to interpret the rules. The proposal, which is expected to made public next week, said some workers will still be considered "self-employed" but doesn't make clear which ones. Platforms that rely on gig work are pushing back against the commission's plans, which they argue risk putting food delivery workers and drivers out of work. They warn against stricter rules like those implemented by Spain, which prompted Deliveroo to pull out of the country and cost thousands of food delivery workers their jobs.

An anonymous reader quotes a report from Ars Technica: The CEOs of 13 large European telecom companies today called on tech giants -- presumably including Netflix and other big US companies -- to pay for a portion of the Internet service providers' network upgrade costs. In a "joint CEO statement," the European telcos described their proposal as a "renewed effort to rebalance the relationship between global technology giants and the European digital ecosystem." The letter makes an argument similar to one that AT&T and other US-based ISPs have made at times over the past 15 years, that tech companies delivering content over the Internet get a "free" ride and should subsidize the cost of building last-mile networks that connect homes to broadband access. These arguments generally don't mention the fact that tech giants already pay for their own Internet bandwidth costs and that Netflix and others have built their own content-delivery networks to help deliver the traffic that home-Internet customers choose to receive.

Today's letter from European ISPs was signed by the CEOs of A1 Telekom Austria Group, Vivacom, Proximus Group, Telenor Group, KPN, Altice Portugal, Deutsche Telekom, BT Group, Telia Company, Telefonica, Vodafone Group, Orange Group, and Swisscom. They wrote: "Large and increasing part of network traffic is generated and monetized by big tech platforms, but it requires continuous, intensive network investment and planning by the telecommunications sector. This model -- which enables EU citizens to enjoy the fruits of the digital transformation -- can only be sustainable if such big tech platforms also contribute fairly to network costs." The European telcos didn't mention any specific tech giants, but Reuters wrote today that "US-listed giants such as Netflix and Facebook are companies they have in mind." The letter also discusses other regulatory topics related to fiber and mobile broadband, saying that "regulation must fully reflect market realities... Namely, that telecom operators compete face-to-face with services by big tech."

"Remember how Microsoft spent years in hot water in the late '90s and early '00s by forcing Internet Explorer on its customers?" asks ZDNet.

"European open-source cloud company Nextcloud does." Now, with a coalition of other European Union (EU) software and cloud organizations and companies called the "Coalition for a Level Playing Field," Nextcloud has formally complained to the European Commission about Microsoft's anti-competitive behavior by aggressively bundling its OneDrive cloud, Teams, and other services with Windows 10 and 11.

Nextcloud claims that by pushing consumers to sign up and hand over their data to Microsoft, the Windows giant is limiting consumer choice and creating an unfair barrier for other companies offering competing services. Specifically, Microsoft has grown its EU market share to 66%, while local providers' market share declined from 26% to 16%. Microsoft has done this not by any technical advantage or sales benefits, but by heavily favoring its own products and services, self-preferencing over other services. While self-preferencing is not illegal per se under EU competition laws, if a company abuses its dominant market position, it can break the law. Nextcloud states that Microsoft has outright blocked other cloud service vendors by leveraging its position as gatekeeper to extend its reach in neighboring markets, pushing users deeper into its ecosystems. Thus, more specialized EU companies can't compete on merit, as the key to success is not a good product but the ability to distort competition and block market access....

So, Nextcloud is asking the European Commission's Directorate-General for Competition to prevent this kind of abusive behavior and keep the market competitive and fair for all players. Nextcloud is doing this by filing an official complaint with this body. In addition, Nextcloud has also filed a request with the German antitrust authorities, the Bundeskartellamt, for an investigation against Microsoft. With its partners, it's also discussing filing a similar complaint in France.

Nextcloud is being joined in its complaint by several open-source, non-profit organizations. These include the European DIGITAL SME Alliance; the Document Foundation, LibreOffice's backing organization; and the Free Software Foundation Europe (FSFE)... Numerous businesses are also supporting Nextcloud's legal action. This includes Abilian, an open-source software publisher; DAASI, an open-source identity management company; and Mailfence.

Faced with a sharp rise in energy consumption, Swedish authorities are calling on the European Union to ban "energy intensive" crypto mining. From a report: Erik Thedeen, director of the Swedish Financial Supervisory Authority, and Bjorn Risinger, director of the Swedish Environmental Protection Agency, said cryptocurrency's rising energy usage is threatening Sweden's ability to meet its obligations under the Paris Climate Agreement. Between April and August this year, the energy consumption of Bitcoin mining in the Nordic country rose "several hundred per cent," and now consumes the equivalent electricity of 200,000 households, Thedeen and Risinger said.

In an open letter, the directors of Sweden's top financial and environmental regulators called for an EU-wide ban on "proof of work" cryptocurrency mining, for Sweden to "halt the establishment" of new crypto mining operations and for companies that trade and invest in crypto assets to be prohibited from describing their business activities as environmentally sustainable.

The lead committee in the European Parliament writing new tech rules passed measures Tuesday that could impact major U.S. and European tech companies. Lawmakers voted to approve measures in the draft Digital Markets Act that could mean: 1. A company's messaging or social media app is interoperable, to prevent users feeling forced to use one or the other because that's where their friends are
2. A ban on behavioral targeting of ads to minors
3. Fines of as much as 20% of a company's global annual sales for breaches for the law

Companies identified as "gatekeepers" and therefore set to be accountable under the DMA include Amazon, Facebook, Google, Microsoft, Apple and Booking.com, and could later hit online marketplaces Zalando and Alibaba.

WhatsApp is rewriting its privacy policy as a result of a huge data protection fine earlier this year. From a report: Following an investigation, the Irish data protection watchdog issued a $253.29m fine -- the second-largest in history over GDPR -- and ordered WhatsApp to change its policies. WhatsApp is appealing against the fine, but is amending its policy documents in Europe and the UK to comply. However, it insists that nothing about its actual service is changing. Instead, the tweaks are designed to "add additional detail around our existing practices", and will only appear in the European version of the privacy policy, which is already different from the version that applies in the rest of the world. "There are no changes to our processes or contractual agreements with users, and users will not be required to agree to anything or to take any action in order to continue using WhatsApp," the company said, announcing the change. The new policy takes effect immediately.

In January, WhatsApp users complained about an update to the company's terms that many believed would result in data being shared with parent company Facebook, which is now called Meta. Many thought refusing to agree to the new terms and conditions would result in their accounts being blocked. In reality, very little had changed. However, WhatsApp was forced to delay its changes and spend months fighting the public perception to the contrary. During the confusion, millions of users downloaded WhatsApp competitors such as Signal.

Satellite trackers have been working overtime to figure out just how much dangerous debris Russia created when it destroyed one of its own satellites early Monday -- and the picture they've painted looks bleak. Multiple visual simulations of Russia's anti-satellite, or ASAT, test show a widespread cloud of debris that will likely menace other objects in orbit for years. The Verge reports: It's going to take weeks or even months to fully understand just how bad the situation is, but early visualizations of the ASAT test created by satellite trackers show an extensive trail of space debris left in the wake of the breakup. The fragments appear like a dotted snake in orbit, stretching out and moving in roughly the same direction that Kosmos 1408 used to move around Earth. And there's one thing the visualizers agree on: this snake of debris isn't going anywhere anytime soon. "There will be some potential collision risk to most satellites in [low Earth orbit] from the fragmentation of Cosmos 1408 over the next few years to decades," LeoLabs, a private space tracking company in the US, wrote in a blog post.

Two visualizations created by the European Union's Space Surveillance and Tracking (SST) network and space software company AGI reveal what likely happened in the first moment of impact when Russia's missile intercepted Kosmos 1408. They both show how the debris cloud grew instantly and spread throughout space. AGI's simulation also shows just how close the cloud comes to intersecting with the International Space Station, validating NASA's concerns and the agency's decision to have the astronauts shelter in place.

Another visualization created by Hugh Lewis, a professor of engineering at the University of Southampton specializing in space debris, shows just how widely the debris from Kosmos 1408 has spread out in space. Lewis explains that when Russia's missile hit the satellite, each of the fragments that were created got a little kick, sending them to higher and lower altitudes. Each piece is moving at a different speed depending on the height of its orbit. Lewis says that the cloud will continue to morph over time. The debris fragments in the lower orbits will fall to Earth and out of orbit more quickly, while the ones in higher orbits will stay in space much longer.

In recent years, Amazon has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers. From a report: Amazon executives and staffers detail these lobbying victories in confidential documents reviewed by Reuters. In Virginia, the company boosted political donations tenfold over four years before persuading lawmakers this year to pass an industry-friendly privacy bill that Amazon itself drafted. In California, the company stifled proposed restrictions on the industry's collection and sharing of consumer voice recordings gathered by tech devices. And in its home state of Washington, Amazon won so many exemptions and amendments to a bill regulating biometric data, such as voice recordings or facial scans, that the resulting 2017 law had "little, if any" impact on its practices, according to an internal Amazon document.

The architect of this under-the-radar campaign to smother privacy protections has been Jay Carney, who previously served as communications director for Joe Biden, when Biden was vice president, and as press secretary for President Barack Obama. Hired by Amazon in 2015, Carney reported to founder Jeff Bezos and built a lobbying and public-policy juggernaut that has grown from two dozen employees to about 250, according to Amazon documents and two former employees with knowledge of recent staffing. One 2018 document reviewing executives' goals for the prior year listed privacy regulation as a primary target for Carney. One objective: "Change or block US and EU regulation/legislation that would impede growth for Alexa-powered devices," referring to Amazon's popular voice-assistant technology. The mission included defeating restrictions on artificial intelligence and biometric technologies, along with blocking efforts to make companies disclose the data they keep on consumers.

The document listed Carney as the goal's "primary owner" and celebrated killing or amending privacy bills in "over 20 states." This story is based on a Reuters review of hundreds of internal Amazon documents and interviews with more than 70 lobbyists, advocates, policymakers and their staffers involved in legislation Amazon targeted, along with 10 former Amazon public-policy and legal employees. It is the third in a series of reports revealing how the company has pursued business practices that harm small businesses or put its own interests above those of consumers. The previous articles showed how Amazon has circumvented e-commerce regulations meant to protect Indian retailers, and how it copied products and rigged search results to promote its own brands over those of other vendors on its India platform.

The battle between the appetites of European Union Member States' governments to retain their citizens' data -- for fuzzy, catch-all 'security' purposes -- and the region's top court, the CJEU, which continues to defend fundamental rights by reiterating that indiscriminate mass surveillance is incompatible with general principles of EU law (such as proportionality and respect for privacy) -- has led to another pointed legal critique of national law on bulk data retention. From a report: This time it's a German data retention law that's earned the slap-down -- via a CJEU referral which joins a couple of cases, involving ISPs SpaceNet and Telekom Deutschland which are challenging the obligation to store their customers' telecommunications traffic data. The court's judgement is still pending but an influential opinion put out today by an advisor to the CJEU takes the view that general and indiscriminate retention of traffic and location data can only be permitted exceptionally -- in relation to a threat to national security -- and nor can data be retained permanently. In a press release announcing the opinion of advocate general Manuel Campos Sanchez-Bordona, the court writes that the AG "considers that the answers to all the questions referred are already in the Court's case-law or can be inferred from them without difficulty"; going on to set out his view that the German law's "general and indiscriminate storage obligation" -- which covers "a very wide range of traffic and location data" -- cannot be reconciled with EU law by a time limit imposed on storage as data is being sucked up in bulk, not in a targeted fashion (i.e. for a specific national security purpose).

Amazon plans to stop accepting payments made via Visa credit cards issued in the U.K. starting next year. From a report: The e-commerce giant has told some customers that, from Jan. 19 onward, the company will no longer accept Visa credit cards issued in Britain "due to the high fees Visa charges for processing credit card transactions." Visa earlier this year hiked the interchange fees it charges merchants for processing digital transactions between the U.K. and the European Union. After Brexit, an EU cap on interchange fees no longer applies in the U.K., allowing card networks to raise their charges. Mastercard has also increased its U.K.-EU interchange fees. Amazon customers were told they will still be able to use debit cards -- including those issued by Visa -- and non-Visa credit cards like Mastercard and American Express. Users are being encouraged to update their default payment method ahead of the changes.

Whilst the European Parliament has been fighting bravely for the rights of everyone in the EU to exist freely and with dignity in publicly accessible spaces, the government of Portugal is attempting to push their country in the opposite direction: one of digital authoritarianism. From a report: The Portuguese lead organisation in the Reclaim Your Face coalition D3 (Defesa Dos Direitos Digitais) are raising awareness of how the Portuguese government's new proposed video surveillance and facial recognition law amounts to illiberal biometric mass surveillance. Why? Ministers are trying to secretly rush the law through the Parliament, endangering the very foundations of democracy on which the Republic of Portugal rests.

Eerily reminiscent of the failed attempts by the Serbian government just two months ago to rush in a biometric mass surveillance law, Portugal now asked its Parliament to approve a law in a shocking absence of democratic scrutiny. Just two weeks before the national Assembly will be dissolved, the government wants Parliamentarians to quickly approve a law, without public consultation or evidence. The law would enable and encourage widespread biometric mass surveillance -- even though we have repeatedly shown just how harmful these practices are. Reclaim Your Face lead organisation EDRi sent a letter to representatives of Portugal's main political parties, supporting D3's fight against biometric mass surveillance practices that treat each and every person as a potential criminal. Together, we urged politicians to reject this dystopian law.

Euractive reports: The French government's roadmap for developing open source to make it a vector of digital sovereignty and a guarantee of "democratic confidence" was presented by Public Transformation and Civil Service Minister Amélie de Montchalin on Wednesday (10 November).

EURACTIV France reports Montchalin spoke at the closing of the first edition of the "Open Source Experience", which took place from 9-10 November and brought together all players in the free software community in Paris. "We must now build the public action of the new century," she said, indicating that France will look to inspire the "many States [that] seek to embark" on greater openness of public data and the use of open source... With the vast majority of relations between citizens and state services now being digital, Montchalin believes a "culture of transparency" is necessary for "democratic trust". It is also a matter of digital sovereignty, she added.

According to a European Commission study published in September, investment in open source software in 2018 generated a sum of €65-95 billion in revenue. According to the same report, France was crowned European champion of open source policies.

To help French administrations make greater use of such solutions, Montchalin announced the creation of a team within the Interministerial Digital Directorate responsible for the promotion and inter-ministerial coordination of this mission. She also revealed the launch of the code.gouv.fr platform, which will inventory all source code published by public organisations... [French prime minister] Jean Castex urged all government departments on 27 April to do more to facilitate access to their data, algorithms and codes "in open formats that can be used by third parties". The PM also urged them to turn to free and open software...

[Montchalin] wants the state to retain "control over the solutions" it uses. She also stressed the importance of interoperability — the ability to work with other existing or future products or systems — and reversibility — the ability to resume using data or software in the event of migration to another solution. "By using open source software, you give yourself much more autonomy than by using proprietary software and a fortiori proprietary cloud services that are hosted outside Europe," Stéfane Fermigier, co-president of the Union of Free Software and Open Digital Businesses, told EURACTIV.
The article also summarizes a concern from French digital law firm LegalUP Consulting that open source code "makes it easier to discover security flaws, which can be exploited."

But a representative from LegalUP also calls open source software "an extremely interesting alternative for Europe, a third way between digital giants and local players; an opportunity to ensure independence through neutrality and decentralisation rather than conflict."

Alphabet unit Google lost an appeal against a 2.42-billion-euro ($2.8-billion) antitrust decision on Wednesday, a major win for Europe's competition chief in the first of three court rulings central to the EU push to regulate big tech. From a report: Competition Commissioner Margrethe Vestager fined the world's most popular internet search engine in 2017 over the use of its own price comparison shopping service to gain an unfair advantage over smaller European rivals. The shopping case was the first of three decisions that saw Google rack up 8.25 billion euros in EU antitrust fines in the last decade. The company could face defeats in appeals against the other two rulings involving its Android mobile operating system and AdSense advertising service, where the EU has stronger arguments, antitrust specialists say. The court's support for the Commission in its latest ruling could also strengthen Vestager's hand in her investigations into Amazon, Apple and Facebook.

The European Commission is planning to ban payment for order flow, paralleling potential U.S. moves to stem a practice that hit the headlines during the meme-stock mania. From a report: A forthcoming review of the Markets in Financial Instruments Directive will include a ban amid other measures to increase transparency, such as a consolidated tape of information about transactions, people familiar with the matter said. The U.S. Securities and Exchange Commission is separately weighing a ban on payment for order flow, in which trading firms pay retail brokerages to execute their trades. Regulators are concerned that video-game like prompts have encouraged excessive trading on app-based brokerages that fueled a explosive surge in value for GameStop Corp. and other stocks this year. While the day-trading frenzy is far more muted in Europe than the U.S., the practice of zero-commission trading is starting to cross the Atlantic. That prompted the bloc's markets watchdog to warn firms and investors in July of the risks arising from payment for order flow.