Guest Post by Volker Rieck.  Translated from German.  Original here. 

Astroturf instead of grass roots: When clicktivism meets hard reality

Last weekend, several organizations called for a “Day of Action” with demonstrations throughout Europe against the planned EU Copyright Directive.

Among the supporters of the events were the Pirate Party, the Left, the Greens and the network association Loade.V. (FDP).

The saveyourinternet.today website created an overview map of all 27 demonstrations.

Although this page, like many other pages of the campaign, has no legal notice or stated privacy policy as required by GDPR it has nonetheless been linked by Change.org and others—groups that ordinarily assert an interest in privacy.

In any case the cards weren’t put on the table. Again.

Illustration: Saveyourinternet.today with calls and links to the demonstrations. Operator of this site unknown, data protection notice missing. The WhoIs details lead to WhoIs Guard in Panama.

The “Day of Action” in Germany

The first event was Mainz on Saturday, August 25, 2018, where prominent members of the Bundestag such as Tabea Rösner (Die Grünen) and Manuel Höferlin (FDP) spoke.

Nevertheless, they only spoke in front of about 30 participants.
While the poor attendance at the event in Mainz was notable – it was far from the worst showing of the day for the declared opposition to the copyright directive.

On Sunday, other cities followed, including Hamburg. Patrick Breyer, the former member of parliament for the Pirate Party in Kiel, also spoke in front of about 40 demonstrators.

Breyer stressed that 1 million supporters have already been collected for a petition against the directive at Change.org. He also defended himself against accusations that the petition had been supported by bots, which seemed a bit strange in view of 40 participants.

Illustration: Final photo of the rally in Hamburg, approx. 40 participants.

Pirates are obviously capable of self-reflection. Demonstrator Malte Huebner quickly aired his displeasure on Twitter that day.

“The visibility of the Hamburg #saveyourinternet demonstration is catastrophic.
We are standing there like a bunch of flat earthers that warn of reptiloids from the dark side of the moon. The scope of #article 13 cannot be conveyed with this approach.”

But it was even worse for the young pirate when the first passers-by appeared.

“Oh Shit, ‘The Pirate Party still exist? Weren’t you for pedophilia and kid porn?’”

The main event took place in Berlin at Pariser Platz. According to various estimates, it was probably the largest event of the campaign with around 100 participants, although the alleged driving force was the MEP Julia Reda. This is an astonishingly small number for the central event of a campaign!

Reda had stated in advance that with broad support the accusations that there were relatively few people behind the online campaign could be refuted.

If broad attendance was to be understood as an affirmation of the actual support of Europeans, then surely the converse is also true – the lack of broad support would suggest the opposite conclusion. The crowds, or the absence therefor, have spoken. It is now essential that major media who have largely reported the Pirate’s assertions that the directive is “highly controversial” recognize they have been following noise rather than signal. It’s not always the case that where there’s smoke there’s fire. Sometimes it is just smoke.

Illustration: The “Day of Action” at Pariser Platz in Berlin, approx. 100 participants

In other German cities, too, participation seemed to be similarly moderate. The city of Munich attracted only about 30 protesters.

Illustration: The “Day of Action” at Marienplatz in Munich, approx. 30 participants

A projection based on 15 of the total of 27 events throughout Europe, which attracted a total of around 400 participants, suggests that the maximum number of participants across Europe would be 800, as there were also locations with no shows. Even in the home country of the Pirate Party, Sweden, more precisely in Stockholm, there were only 15 participants.

Illustration: The protest in a park in Stockholm, about 15 participants. No, this is not the yoga group that usually meets there.

Poland is not lost yet

Poland was supposed to be the backbone of the anti-directive campaign, after all organizers had a few years ago managed to get 10,000 people out to protest ACTA, so surely, they would step up where there German counterparts had failed. Not this time. In total, there were an estimated fewer than 100 people across 6 different rallies in Poland. As in Germany, this should send a message to media, members of the European Parliament, and the public.

There were more police officers in Lodz than demonstrators. A total of 6 (six!) participants gathered. And who knows how many there would have been in Krakow (40 participants) if the mayoral candidate Konrad Berkowicz (Wolność party) had not used the demo on his own behalf and his supporters had increased the number of participants.

The hashtag of the campaign should therefore better be #1of8hundred and not #1of1million. That would be closer to reality.

Estimates of the number of participants in detail:

A lot of noise from a few activists

So there seems to be a large numerical discrepancy between the digital protest and the number of actual opponents of the planned EU Copyright Directive.

The campaign claims to have one million signatories at Change.org, yet only 0.08% of the signatories gather to go to a demonstration.

Of course, click and demonstrations are two different ways of expressing opinions. One click is done in seconds, while a demonstration can be cumbersome.

However, the question arises how such a small core of visible opponents of the EU directive throughout Europe was able to generate so much digital noise among MEPs in July. And how could this noise, which was produced by so few, have had such an impact on so many members of the European Parliament?

The technical tools provided by the initiators of the saveyourinternet.eu website via partner sitesplay a central role here.

They have ensured that MEPs’ mailboxes were overfilled, and their Twitter accounts flooded in the week before the vote in early July.

The meagre result of the “Day of Action” must not remain hidden from EU parliamentarians.

It is almost certain the same tools will be used again before the next vote on 9/12/2018 (12.09.2018). Every Member must consider his or her decision carefully.
It is of vital importance that parliamentarians not be misled by manufactured and hyperbolic outrage, nor by media that lazily reports the existence of imaginary controversies.

Last weekend’s “demonstrations” told an important story. Not the whole story of course, but an important one nonetheless.
Governments around the world are struggling with how to translate online comments into an understanding of the will of the people. One thing is abundantly clear – They do not convey a fair representational sense of the public – particularly given the existence of marketing tools to facilitate a form of uncritical hashtag clicktivism. Astroturf is easily disguised as grassroots. This has now been exposed in Europe via last week’s protest. It is a lesson that must not be ignored by the European Parliament.

This is the same group that the Times of London covered.  This is the group behind the massive spamming of the EU parliament on the copyright directive.

https://www.thetimes.co.uk/article/google-funds-activist-site-that-pushes-its-views-rg2g5cr6t

Here I demonstrate how anyone in the US can repeatedly “spam” the Canadian copyright consultation with this website.  I can multiply my voice hundreds of times hitting the browser back button and resend.   You don’t need to mask IP address or fake a Canadian IP. You just need a single Canadian postal code.  Easy enough to Google and get a postal code.  I used the postal code for the town of Meat Cove at the top of Cape Breton Island.

Editor note:  This has been translated from original german text here. Of particular significance Mr. Rieck suggests that the websites associated with the  political hack,  OpenMedia, New/Mode, SaveYourInternet EU and (their cloned sub-websites appear to violating e-Commerce directive proper disclosures (ownership) and New/Mode violating GDPR on user data.

Anatomy of a Policy Hack Part 2 – The Organization of Hacks

As mentioned in a previous article, saveyourinternet.eu’s campaign was primarily responsible for the flooding of MEPs’ mailboxes with ready-made e-mails their Twitter accounts with automated tweets and their phones with switched phone calls including call guidelines.

Who is behind safeyourinternet.eu?

The campaign was organized by the organization Copyright for Creativity (C4C) and its secretariat N-Square. The C4C has 42 members (EFF, Edri, BEUC etc.) and, according to its own statements, is mainly financed by the Open Society Foundation (the foundation of George Soros) and the Computer & Communications Industry Organization. Members of this American industry association include Amazon, Cloudflare, Facebook, Mozilla, Google and Uber.

Who exactly was in charge?

To carry out the campaign, N-Square (a lobby company of the KDC Group, which also works for Google, among others) links to various campaign sites. Unfortunately, it is not always clear who is behind it, because only half of the partners and tool pages involved in the saveyourinternet campaign have an legal notice.
Not even saveyourinternet.eu itself has an about us, only further links.
The imprint obligation of the e-commerce directive is ignored.
Only on a second glance over a WhoIs-Lookup one learns that the page was registered by the C4C. The conglomerate C4C, KDC Group, N-Square has registered other websites that  also play a role in this hack: fixcopyright.eu and voxscientia.eu.   Neither of these organizations disclose who created them. Only through a Whois query can you trace it back to the KDC Group.

Who needs the EU data protection basic regulation?

The basic EU data protection regulation (GDPR), which has been in force since the end of May, naturally also applies to companies operating campaign sites in Europe.
In the case of the sites registered by the KDC Group and N-Square, however, this does not seem to matter to them.
Particularly critical at liberties.eu is the transmission of visitor data to the North American New Mode, the commercial subsidiary of Open Media, without reference in a data protection declaration. Platinum sponsors of Open Media include Google and Mozilla.
Only the Open Rights Group website has a data protection declaration in accordance with the basic regulation. All others are in breach of Article 13 of the GDPR.
A GDPR-compliant data protection declaration, in particular information on the processing of consumer data, is missing in all other cases. Responsible persons are not be named.

Arm in arm with supporters of piracy

A further analysis of the traffic of Saveyourinternet.eu is very informative. Most of the visitors until the end of June came from Poland. This could have to do with the fact that there were Polish origin pages on which banners were placed. These banners were booked via the dubious English/Russian advertising network Propellerads. According to a study by the British company Incopro, Propellerads was the No. 2 ad network in 2015 that finances piracy sites through advertising. On illegal sites that violate copyrights commercially, Propellerads is an integral part of the advertising environment.

Illustration: Adtraffic to saveyourinternet.eu, 90% ads by Propellerads by Similarweb

Where are you from?

Visitors from the USA, who ranked 4th in the visitor hit list Saveyourinternet.eu, were also able to contact MEPs via the tools.
US blogger David Lowery describes in his blog Thetrichordist how he himself was able to reach EU deputies in the UK.

Illustration: Traffic share per territory by Similarweb

How much does a hack like this cost?

As several MEPs have told us, they have received between 50,000 and 70,000 emails.
If we assume that the Full Toolkit (Best Value) for 50,000 mails plus an additional package for 25,000 mails was ordered at New/Mode, the entire DDoS attack ADD “WOULD” cost only 549 US Dollar, i.e. about 470 Euro. That is only 0.60 euros per MEP.
Always assuming that several MEPs were bombarded with mails at the same time with one click.

Illustration: Price for the Full Toolkit (Best Value) at New/Mode

Conclusion

Ultimately, US companies from the Internet economy financed significant parts of a campaign in Europe to influence EU legislation.

What looked like grassrootes movement from the outside was in fact a classic form of astroturfing – designed to create the appearance of a popular movement.

Given the absence of any type of verification and the active marketing of this campaign outside of the EU, it remains entirely unclear the extent to which non-EU nationals and/or bots were involved in the generation of automated or semi-automated messages against articles 11 and 13 of the directive.

The campaign relied on dubious advertising marketers and many of the parties involved do not in the least meet minimum requirements for legal notice obligations and basic data protection regulations. There is massive violation of both.

This campaign was developed and executed precisely to create confusion about its sources, supporters and modalities, and to prevent a clear understanding of its true nature.

It is a matter of the greatest and immediate importance that the EU consider how to respond to such stealth attacks on the democratic institutions of the EU, and to ensure that such lobby-driven DDoS attacks will not endanger its ability to work fairly in support of the EU nationals and interests in the future. There is every reason to suspect that the same parties wil engage in similar, if not, identical tactics in the lead up to September vote on the directive, and therefor essential that steps be taken now to ensure against manipulation of our political processes by foreign and non-human actors.