European Union Data Retention - even more draconian plans for flat rate services etc.
The European Union Council of Ministers held its 2626th Council Meeting on Justice and Home Affairs in Brussels, on 2 December 2004.
The 24 page press release (.pdf) waffles about various general reports and plans e.g.
"EUROPEAN EVIDENCE WARRANT
We hope that UK and EU politicians will be reminded of the international jurisdictional and sovereignty issues highlighted by the Indymedia server seizure scandal this October.
EXCHANGE OF INFORMATION EXTRACTED FROM THE CRIMINAL RECORDS
DATA RETENTION BY TELECOMMUNICATION SERVICE PROVIDERS
SHIP SOURCE POLLUTION
TERRORISM : PREPARATION OF THE EUROPEAN COUNCIL
EXCHANGE OF INFORMATION ON TERRORIST OFFENCES
LOST OR STOLEN PASSPORTS"
These Data Retention plans should be controversial, in that they now seem to be going even further than the draconian United Kingdom plans, which were not debated in Parliament , but which were smuggled in to the Part 11. Retention of Communications Data of the Anti-terrorism, Crime and Security Act 2001
The European Union Council of Ministers are planning to force communications service providers to retain data which they do not normally retain or process for billing purposes etc. , for all types of crime, not just terrorism.
This goes well beyond even the UK's unsuccessful attempts to get the communications industry to cooperate and pay for data retention of log files etc. for which they no longer have a commercial use for, and is in direct in contravention of the Principles of Data Protection.
Just to be clear, Data Retention means trawling through the private data of the innocent majority of people, rather than focussing on the data of suspects or criminals where there is some reasonable suspicion of criminal activity.
In addition to the police state mentality of these proposals, the "justice ministers" seem to be unwilling to actually pay from their own budgets, for the vast expense of creating new IT computer systems to log and retain data, which, in many cases do not exist at present, as there is no valid commercial reason for exisiting telecommunications and internet companies to do so.
As this meeting is composed only of civil servants and justice or police ministers, someone should try to educate them on the technical and commercial facts of life and the huge bureacracratic and financial cost implications of their ideas, before they inflict them on us.
"DATA RETENTION BY TELECOMMUNICATION SERVICE PROVIDERS
The Council examined the scope of the draft Framework Decision on data retention.
The proposal implies in principle that providers of publicly available electronic communications services or networks must retain specified data allowing for establishing the source, routing, destination, time, date and duration of communications and the location of the telecommunications devices used. In its original form, the proposal seems to be limited to data already processed andstored for billing, commercial and other legitimate purposes."
Apparently this is not draconian enough, so they are planning an even more expensive and intrusive option:
"But this approach would imply that the possibilities for access to data for law enforcement purposes depend on the technical and commercial setup of each individual service provider. Some service providers apply systems, such as flat rate systems, which imply that relevant data, processed for the purpose of providing the telecommunication concerned, is erased immediately after the communication has been terminated.
Therefore the Council instructed its preparatory bodies to examine another approach implying an obligation for service providers to retain relevant data defined in a common list in the instrument, provided that the data is processed/generated by the service provider in the process of supplying the telecommunications service concerned. Particular consideration should be given to the proportionality of the measure in relation to costs, privacy (data protection) and efficiency.
This approach may lead to a higher degree of certainty for the retention of the data concerned, and is less sensitive to the commercial behaviour of the service provider and technical developments.
The service provider would be under an obligation to retain the data concerned to the extent that the data is processed/generated by the service provider, even if the data has no interest for the service provider. The level of harmonisation of Member States' legislation would be relatively high.
Judicial authorities and law enforcement authorities have during the last years increasingly expressed concerns regarding the use of the technical innovations, brought about by the continuous development of electronic telecommunications services, for the purpose of committing crimes, and the difficulties which this may cause regarding detection of crimes and investigation into crimes.
These concerns relate not only to communications by fixed phones, mobile phones, short message services (SMS), electronic media services (EMS) and multi media services (MMS). Increasingly,
they also relate to internet Protocols including Email, voice over the internet, world wide web, file transfer protocols, network transfer protocols, voice over broadband etc.
The proposal was made in the light of in particular the Declaration by the European Council of 25 March 2004 on combating terrorism. The text strongly highlighted in particular the use of telecommunications for the purpose of the commission of terrorist acts. The Declaration of 25 March proves that an instrument on data retention should be adopted by June 2005."
Thanks to
Comments
See also http://www.vnunet.com/news/1159786 (note para 1 should read "...how to use ID cards...", per the print edition).
A taster: "If adopted, the plan would create a central audit trail of every citizen's major transactions with both government and business."
Posted by: Weasel Bearder | December 6, 2004 2:26 PM
Reading this reminds me of John Connor dropping "off the grid" in Terminator 3 so that no trace of him can be found on any computer.
On a more serious note (playing Devil's Advocate for a moment) what exactly is the risk to innocent people of their records being retained and searched? There wouldn't be the inconvenience of being forced to go through a metal detector at Hammersmith Tube, for example.
By-the-way, I can't post comments to Weasel Bearder's site because of some kind of ADO Recordset error.
Posted by: Matt Sellers | December 9, 2004 1:37 PM
European Digital Rights
EDRI-gram - Number 2.23, 2 December 2004
"Data retention in EU JHA Council"
http://www.edri.org/edrigram/number2.23/retention
'Pressured to give examples of the necessity of data retention for law enforcement, Donner admitted he had not told the 'full truth' to Parliament in the previous meeting when he pointed to 'the success of mandatory data retention in the UK'. He now acknowledged there was no legal obligation to retain data in the UK, only a self-regulatory code to which many providers don't comply. He admitted he only "talked to English law enforcement officials who said mandatory data retention was a very good idea."'
Are "English law enforcement officials" and "European Union politicians" really so unprofessional and technologically ignorant ?
It is almost as if the some Cold War era KGB "agents of influence" had infilitrated our democratic institutions, trying to destroy our freedoms and liberties from within.
Posted by: wtwu | December 10, 2004 11:16 AM
Finally some of the media (oh, alright then, at least the online IT trade press), in the form of an article in The Register, have noticed this evil Data Retention proposal from the European Union.
http://www.theregister.co.uk/2004/12/10/ec_data_retention/
It would be interesting to know for which client or clients the lobbying company Political Intelligence is working for, on this Data Retention Issue, given that Joe McNamee (N.B. the name spelling is slightly different to that published in The Register), their EU Policy Director, is so heavily quoted in the interview.
http://www.political-intelligence.com/joe.html
"Joe MacNamee, a spokesman for lobby group Political Intelligence, says that this reveals a "scarcely believable lack of technical awareness", and argues that the problems with the old text will not be resolved by this new approach. "Note that in this document, there is still no mention of what problems this is supposed to solve," he says.
The methodology in this policy area doesn't start by identifying a problem and proposing a solution, MacNamee argues. It begins by taking a view that there is plenty of data out there that might be useful for law enforcement, and drafting a proposal broad enough to ensure all the data is available if needed.
"There are already virtually no limits, beyond Human Rights legislation, on Member States under the proposal. All data produced - however ephemeral or useless - would need to be retained. 'Data processed' means every calculation made by every chip in every device in every link in the chain of communication of every packet in every transmission," he says.
The original proposal had several gaping flaws. It did not restrict which communications systems would be covered by the bill, and could potentially be extended to include voice over IP, email, the web and so on. There is also no provision made for dealing with duplication of data: as it stands, service providers involved in sending and receiving an email would each be obliged to keep hold of all its associated data.
There is also no guidance on how any directive should be resolved with conflicting legislation at a national level. In the UK for instance, it may well conflict with data protection laws. Service providers will have to store the data very, very safely, implying significant expense.
None of these problems have been addressed, MacNamee told The Register. "This methodology gave us RIPA, then Enfopol and now this," he says, predicting "a similarly poorly drafted proposal" will be on the table within weeks or months"
Posted by: wtwu | December 10, 2004 10:44 PM