Europe’s Restrictive New Data Law
The European Parliament on Wednesday passed an anti-terror law requiring Internet service providers and telephone companies in the 25-nation European Union to keep phone and Web site records on their customers for as long as two years. By a vote of 378 to 197, with 30 abstentions, European lawmakers meeting in Strasbourg passed what one privacy advocate opposed to the plan called “one of the most restrictive surveillance laws in the world,” exceeding the level of communications monitoring allowed in United States.
“The EU plans to fingerprint all of its citizens, monitor all communications transactions and surveil all movement and travel,” said Gus Hosein, a senior fellow at Privacy International, a London-based watchdog, and a visiting lecturer at the London School of Economics. “All these policies have been rejected by the U.S., but are now law in Europe.”
[Michael] Bartholomew [director of the European Telecommunications Network Operators’ Association] questioned the effectiveness and feasibility of the law in stopping terrorists, who could simply use U.S.-based e-mail services not subject to EU scrutiny. He also criticized the lack of any provision to reimburse operators for costs of data storage.
Proponents of the law said it would give European law enforcement officials a powerful weapon to track terrorists. The law would require phone operators to store data on completed calls, and Internet providers to log customer Web site visits, from six months to two years. Each EU member state, which must adopt the measure into local law before it can take effect, will determine how long data is kept. Only connected calls, e-mail exchanges and Web site visits will be recorded, not the content of individual conversations or e-mails
I’m afraid this is a typical example of people trying to regulate the Internet who do not understand it. As the Reuters report on the passage notes, this was despite findings of unfeasibility by the investigative committee:
Europe’s telecoms and Internet industries issued a joint statement saying the new rules raised major concerns about technical feasibility and proportionality. “This directive will impose a significant burden on the European e-communications industry, impacting on its competitiveness,” the statement said. The industry also said only 20 percent of e-mails would be covered since many service providers were outside the bloc.
The head of Germany’s data protection agency said the rules risked prying even in cases with no grounds for suspicion. “The room for manoeuvre provided in the directive must be used … to keep the intrusion on citizens as limited as possible,” Peter Schaar said in a statement.
It gets even scarier:
Law-enforcement authorities in the country where data is collected will have an automatic right to access it. Such authorities in countries outside of the European Union will have access if data-sharing agreements exist with the country in question.
The U.K. government, which is currently chairing E.U. meetings, made getting an agreement on the rules a priority following the London transportation bombings in July. Police and intelligence services used mobile phone records and closed-circuit TV footage to identify and track down suspected perpetrators of the attacks that killed 55 people. U.K. Home Secretary Charles Clarke said that WednesdayÃ¢€™s agreement sends a “powerful message that Europe is united against terrorism and organized crime.”
However, the new rules have come under fire from civil liberties campaigners. The new requirements are a “green light for mass surveillance, fishing expeditions and profiling,” said U.K. Liberal Democrat M.E.P. Sarah Ludford. “Real terrorists escape detection by using foreign Internet service providers like Hotmail and Yahoo, Internet cafes, and pay-as-you-go phones while ordinary citizens could find details of their movement, acquaintances and favorite Web sites circulating [among government officials],” she added.
The upshot, as with most counterterrorism measures, is more expense, more inconvenience, and less privacy with a negligible impact on terrorists.