[Privsec] URGENTISSIMO: letter to European Parliament against data retention

[Ralf Bendrath]

--- Please spread widely and quickly ---

Hi all,

the European Parliament - after heavy pressure and blackmailing from the 
council of ministers - is about to vote for mandatory retention of all 
communications, phone and location data in the EU for up to 2 years. This 
is outreageous.

--> Please sign the open letter drafted by Privacy International and 
European Digital Rights. Deadline is tomorrow morning, 9:00 CET.

We especially welcome signatures from Data protection authorities,
Consumer unions/organisations and Internet and Telecom providers.

Signatures should be sent to
Sjoera Nas, EDRI, <sjoera at bof.nl>
and/or
Gus Hosein, Privacy International, <gus at privacy.org>.

Thanks for your support.

Ralf


http://www.privacyinternational.org/retentionlaunderingcampaign

Open Letter to the European Parliament on Data Retention

05/12/2005

To all Members of the European Parliament

We the undersigned are calling on you to reject the Directive of the
European Parliament and the Council on the Retention of Data Processed in
Connection with the Provision of Public Electronic Communication Services
and Amending Directive 2002/58/EC.

Adopting this Directive would cause an irreversible shift in civil
liberties within the European Union. It will adversely affect consumer
rights throughout Europe. And it will generate an unprecedented obstacle
to the global competitiveness of European industry.

A Directive Fraught with Problems

In the Information Society every human action generates transaction logs.
Our movements, our purchases, and our interactions with others can be
routinely logged in public and private sector databases. In recognition of
this, the European Union led the world in establishing a data privacy
regime to limit the collection, processing, retention, and accessing of
this information. Now the Council is demanding that the European
Parliament reverse its position and lead the world in introducing mass
surveillance of our activities.

Under existing EU law many of these logs are already available for law
enforcement purposes for as long as the telecom industry service providers
retain them for business purposes. Justice and Home Affairs officials are
pushing to make available even greater stores of information.

The Directive proposes the collection of information on everybody's
communications and movements. The storage of such "communications traffic
data" allows whoever has access to it to establish who has electronically
communicated with whom and at what time and at which location, over months
and years.

In recent meetings with the Justice and Home Affairs Council on 1 and 2
December 2005, it appears that the European Parliament suddenly agreed to
the collection of information on everybody's communications and movements
for very broad law enforcement purposes, in spite of having rejected this
policy twice before.

We call on the Members of the European Parliament to reject this policy
for the following reasons.

1. This Directive invades the privacy of all Europeans. The Directive
calls for the indiscriminate collection and retention of data on a wide
range of Europeans' activities. Never has a policy been introduced that
mandates the mass storage of information for the mere eventuality that it
may be of interest to the State at some point in the future.

2. The proposed Directive is illegal. It contravenes the European
Convention on Human Rights by proposing the indiscriminate and
disproportionate recording of sensitive personal information. Political,
legal, medical, religious and press communications would be logged,
exposing such information to use and abuse.

3. The Directive threatens consumer confidence. More than 58,000 Europeans
have already signed a petition opposing the Directive. A German poll
revealed that 78% of citizens were opposed to a retention policy. The
Directive will have a chilling effect on communications activity as
consumers may avoid participating in entirely legal transactions for fear
that this will be logged for years.

4. The Directive burdens EU industry and harms global competitiveness.
Retention of all this data creates additional costs of hundreds of
millions of Euros every year. These burdens are placed on EU industry
alone. The U.S., Canada and the Council of Europe have already rejected
retention.

5. The Directive requires more invasive laws. Once adopted, this Directive
will prove not to be the ultimate solution against serious crimes. There
will be calls for additional draconian measures including:
- the prior identification of all those who communicate, thus requiring ID
cards at cybercafes, public telephone booths, wireless hotspots, and
identification of all pre-paid clients;
- the banning of all international communications services such as webmail
(e.g. Hotmail and Gmail) and blocking the use of non-EU internet service
providers and advanced corporate services.

An Illegitimate Process

Proponents of retention policy are sweeping these concerns aside and are
harmonising measures to increase surveillance while failing to harmonise
safeguards against abuse. European opposition has been high, and the
arguments against reasoned and justified. The continued life of this
policy in Europe is inexplicable save for the illegitimate policy process
that is being pursued by the policy's proponents.

These proponents claim that retention is spreading across Europe. In fact,
less than five countries have some form of mandatory data retention in
place, and even fewer apply the practice to internet services.

The Council is demanding that the European Parliament approve a regime
that parliaments in the Member States have already rejected. For instance
the UK Presidency is proposing a policy that has already failed in the UK
Parliament. The Council is trying to make the Parliament complicit in this
act of policy laundering.

A Key Moment

As the EU embarks on this unprecedented policy, we are facing a momentous
decision as to whether we wish to set in motion a chain of events that
will lead to a surveillance society.

Once a surveillance regime begins it always expands. As the European Data
Protection Supervisor has stated in his opinion, the mere existence of
data might lead to increased demands for access and use by industry, law
enforcement authorities, and intelligence services. Already, restrictions
agreed on in the Committee for Civil Liberties were pushed aside in secret
negotiations with the Council.

Though the Council claims retention will combat terrorism, for years it
has rejected limiting the legislation to such investigations. Even if
access to this data were limited by the Parliament to a list of serious
crimes nothing prevents the expansion of this list: already the Copyright
Industry has called for access to this data to combat file-sharing online.

Any reimbursement of costs to service providers, like most other
surveillance cost-recovery experiments, will likely be temporary.
Eventually the costs and burdens generated by this policy will be seen as
'the cost of doing business' and will be passed on to individual consumers
as 'the cost of communicating in Europe'.

The only way we can prevent this chain of events is by following the
example of other countries around the world and rejecting this policy in
its entirety.

Promises are Not Enough

The European Data Protection Supervisor and the Article 29 Working Party
of European Privacy Commissioners, as well as the European Parliament
itself, have repeatedly stated their convictions that the case for
retention has not been made. And their calls for standards and necessary
safeguards have gone unheeded. The concerns of civil society and the
telecommunications industry have also not been adequately addressed.

This policy continues only due to secret processes, agreements established
without scrutiny, and through fast-tracking of debate because the Council
fears open and democratic discussion on these matters. This is evidenced
by the lack of similar policies in Member States where Parliamentary
scrutiny is constitutionally required.

The EU should follow the example of open and democratic countries that
have instead chosen to implement a preservation regime where data is
collected and retained only for a specific investigation and then is
accessed through court orders.

We, the undersigned, call on Members of the European Parliament to
recognise the significant threat to European civil liberties, consumers,
and industry and to therefore reject the Directive on communications data
retention.