EU Still Looking at Mandatory Data Retention

An anonymous reader writes "Following up on a previous Slashdot article, European civil rights advocacy group Statewatch is detecting more rumbles of a possible weakening of privacy rights in the EU. The European council has been testing the waters for a new policy mandating retention of communications "traffic data" by all member states. The previous policy (adopted May 30) merely allowed an exception to EU privacy law for member states who wished to retain such data. Under the leaked draft proposal, law enforcement is to be allowed access to "traffic data" (identifying source, destination, time, etc.), which is similar to current US law. However, much worse is the requirement that telco providers retain such data for 12-24 months. Text of the draft framework decision is available. Also analysis by Statewatch. Backup link (in case of Slashdot effect)."

The spooks have access already...

[Chris+Croome]

I suspect that the US and UK and other governments spy agencies already have access to whatever electronic communications they want to tap.

This is the case in the UK with regard to phones, however phone tap data is never used in court here because the state might then have to admit how they got it -- they would rather not convict people then admit their sources and the extent of the eve dropping that is going on.

I suspect that draft proposals like this are based on the old trick -- suggest something totally over the top and impossible to implement then let well meaning people water it down, claim that government cares and listens and at the end of the day still get away with yet another outrageous new law and yet more erosion of privacy and civil liberties.

But then again I'm probably not cynical enough, it's probably far worse than I can imagine already...

Worried? Just ask for your file...

[ianscot]

Point nine of this draft gets to our privacy worry:

Such a priori retention of data and access to this data constitutes an interference in the private life of the individual; however, such an interference does not violate the international rules applicable with regard to the right to privacy and the handling of personal data contained, in particular, in the European Convention on the Protection of Human Rights of 4 November 1950, the Convention of the Council of Europe no.108 on the protection of persons in respect of the automated handling of personal data of 28 January 1981, and the Directives 95/46/ce and 97/66/CE, where it is provided for by law and where it is necessary, in a democratic society, for the prosecution of criminal offences.

They admit it's a compromise of individual privacy rights, but say it's allowed under those conventions. I was just looking for the spots in those documents:

• the 1950 one,
• the 1981 one

that allow mandatory storage of information in the absence of ongoing criminal investigation -- a priori.

The 1950 one includes a very general passage seeming to allow anything "preventive" if it might abridge the rights or freedoms of others. Doesn't make me feel safe. (Hey, someone might want to prevent me using my TiVo in naughty ways. That'd abridge Jack Valenti's right -- or is it a freedom? -- to rake in money.)

The 1981 thing's much more specific to the question, and opens up a world of hurt we could inflict on our various surveillance agencies:

The purpose of this convention is to secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him ("data protection").
...
Any person shall be enabled:

a) to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;

b) to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;

Imagine the /. effect as we all demand access to the records being kept of all our packet traffic, all our phone calls... Hey, people ask for their credit reports. If the European agreement says it has to be "transparent" in this way, just start asking.