- Home /
- News /
- 2003 /
- March /
- Majority of governments introducing data retention of communications
Majority of governments introducing data retention of communications
01 March 2003
On 12 July 2002 the EU agreed fundamental changes of the 1997 EC Directive on privacy and telecommunications preventing the erasure of data and allowing member states to introduce new laws requiring communications providers to keep traffic data and make it accessible to the law enforcement agencies).
A draft, binding, EU Framework Decision prepared by the Belgian government (and backed by the UK) has temporarily been put on the shelf due to widespread criticism. But a secret document shows that at the national level nine out of 15 member states have, or are planning to, introduce mandatory data retention (only two member states appear to be resisting this move). In due course it can be expected that a "harmonising" EU measure will follow.
Terrorism pretext for mandatory data retention
Mandatory data retention had been demanded by EU law enforcement agencies and discussed in the EU working parties and international fora for several years prior to 11 September 2000. On 20 September 2001 the EU Justice and Home Affairs Council put it to the top of the agenda as one of the measures to combat terrorism. But now, over 16 months later, it is nowhere near being in operation in most EU states.
So the question has to be asked: does this mean that all telecommunications have not been under surveillance since 11 September? Of course they have, not by the law enforcement agencies but by the security and intelligence agencies. The National Security Agency (USA) and the Government Communications Headquarters (GCHQ, UK) have been surveilling global communications since 1947 (UKUSA agreement). During the Cold War this was for military and political purposes, later through the new Echelon system political and economic intelligence was targeted. Echelon, NSA and GCHQ were already moving to cover terrorism (and associated serious crime) before 11 September - after it became a new priority. But even then, for example, with the new, huge, NSA online storage system (Petraplex) designed to hold all the world's communications for 90 days, this is almost useless unless the agencies know (through gathering human intelligence on the ground, HUMINT) what to look for.
The EU's law enforcement agencies’ demand for data retention, now backed by their governments, has little or nothing to do with terrorism but rather is primarily to deal with crime and internal threats posed by public order, refugees and asylum-seekers, and migrant communities.
--------------------------------------------------------------------------------
Analysis
--------------------------------------------------------------------------------
Following the fundamental changes to the 1997 EC Directive on privacy in the telecommunications sector formally adopted on 12 July 2002 the door was open for new measures to require data to be retained at national and EU levels (see Statewatch, vol 12 no 3/4).
Two key privacy protections were removed. The first of which said that data could only be held for the purposes of billing (ie: for the customer to check the details), usually only for a few weeks. The second allows member states to adopt national laws to require communications providers to retain data for a specified period so that law enforcement agencies can get access to it.
"Under the table", out of public view, was a binding Framework Decision drafted by the Belgian government which would have made data retention mandatory in all EU states (and all applicant states) and rules for the exchanges of data between states/agencies (see Statewatch, vol 12 no 3/4 for details). Statewatch was leaked a copy of the draft Framework Decision and when it was published, with much critical commentary, the Danish Presidency of the Council of the European Union claimed to know nothing about it.
However, a set of non-binding draft Conclusions, prepared by the Danish EU Presidency, said:
"within the very near future, binding rules should be established on the approxima