Monday, April 06, 2009

European internet firms must start logging communications as of today

As of today, all internet service providers in Europe are required by law to retain information about every e-mail and VOIP call made by their users thanks to the European Data Retention Directive.

BBC NEWS Technology Net firms start storing user data

Details of user e-mails and net phone calls will be stored by internet service providers (ISPs) from Monday under an EU directive.

The plans were drawn up in the wake of the London bombings in 2005.

ISPs and telecoms firms have resisted the proposals while some countries in the EU are contesting the directive.

Jim Killock, executive director of the Open Rights Group, said it was a "crazy directive" with potentially dangerous repercussions for citizens.

All ISPs in the European Union will have to store the records for a year. An EU directive which requires telecoms firms to hold on to telephone records for 12 months is already in force.

The data stored does not include the content of e-mails or a recording of a net phone call, but is used to determine connections between individuals.

Authorities can get access to the stored records with a warrant.

Governments across the EU have now started to implement the directive into their own national legislation.

The UK Home Office, responsible for matters of policing and national security, said the measure had "effective safeguards" in place.

There is concern that access to our data is widening to include many public bodies ISPs across Europe have complained about the extra costs involved in maintaining the records. The UK government has agreed to reimburse ISPs for the cost of retaining the data.

Mr Killock said the directive was passed only by "stretching the law".

The EU passed it by "saying it was a commercial matter and not a police matter", he explained.

"Because of that they got it through on a simple vote, rather than needing unanimity, which is required for policing matters," he said.

Sense of shock

He added: "It was introduced in the wake of the London bombings when there was a sense of shock in Europe. It was used to push people in a particular direction."

Sweden has decided to ignore the directive completely while there is a challenge going through the German courts at present.

"Hopefully, we can see some sort of challenge to this directive," said Mr Killock.

Isabella Sankey, Policy Director at Liberty, said the directive formalised what had already been taking place under voluntary arrangement for years.

"The problem is that this regime allows not just police to access this information but hundreds of other public bodies."

In a statement, the Home Office said it was implementing the directive because it was the government's priority to "protect public safety and national security".

It added: "Communications data is the where and when of the communication and plays a vital part in a wide range of criminal investigations and prevention of terrorist attacks, as well as contributing to public safety more generally.

"Without communications data resolving crimes such as the Rhys Jones murder would be very difficult if not impossible.

"Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 (Ripa) which ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so."

And, as an aside, I'm not sure many will find comfort in the idea that RIPA will act to protect privacy: RIPA surveillance may break human rights laws - ZDNet.co.uk.

1 comment:

Anonymous said...

I think the Court does give some nice guidance on the reasonable expectation of privacy. For example,

"Privacy analysis is laden with value judgments which are made from the independent perspective of the reasonable and informed person who is concerned about the long-term consequences of government action for the protection of privacy."

The idea that the "objective" assessment is supposed to assume the reasonable person cares about privacy is a good clarification.

Also, I think there are some good statements about the "lifestyle" and "core biographical information" aspects of the test. In some recent cases judges have been pretty conservative in defining those terms. I think the Court supports a much more liberal definition:

"The majority in the Alberta Court of Appeal seems to state, in para. 35, that because the items of interest located by the police revealed involvement in criminal activity they cannot “constitute intimate details of lifestyle or core biographical details to which privacy protection ought to be extended”. I would have thought, with respect, that the criminal “lifestyle” of the appellant was at the epicentre of what the police wanted to know and what the appellant wished to conceal. The question is not whether the appellant had a lifestyle which society values ..."

Evidence of criminality is, in and of itself, lifestyle evidence.