Court Overturns Dutch Data Retention Law, Privacy More Important

wabrandsma writes According to DutchNews.nl: "Internet providers no longer have to keep their clients phone, internet and email details because privacy is more important, a Dutch court ruled on Wednesday." Digital rights organization Bits of Freedom writes in a blog: "The law's underlying European directive was meant as a tool in the fight against serious crimes. The Dutch law, however, is much more expansive, including everything from terrorism to bike theft. During the hearing, the state's attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft. The judge's response: it doesn't matter if you exploit the possibility or not, the fact that the possibility exists is already reason enough to conclude that the current safeguards are unsatisfactory."

Why does anyone try(or accept) this?

[fuzzyfuzzyfungus]

I've never understood the willingness to use(or the willingness to accept often enough to make using worthwhile) the "Just trust us and our discretion!" argument.

So, benefit of the doubt, maybe they are telling the truth when they say "During the hearing, the state's attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft." Fan-fucking-tastic. Even if I do believe them, do I have any reason to suspect that their successors will be as disciplined, or even as interested? No, no I don't.

It seems like some sort of category error, possibly related to the fact that (in evolutionary terms) we were basically living in tiny kin groups about 10 minutes ago; but in political science terms we haven't really been doing that in a millennium or two. "Trust" is all well and good(actually, very good, it has all sorts of advantages in making things go smoothly and reducing stress and anxiety) among people you interact with; but it's a dangerous thing to extend to institutions, except in its(quite different) sense of 'something is "trusted" if the overall correct function of the system depends on that thing behaving as expected, and there are not external constraints that will assure this'.

When it comes to neighbors, friends, and the like, sure, "trust" is a good thing. When it comes to institutions, the most trustworthy person is the one who says "I'd like to think that you'd find me personally trustworthy, if you knew me socially; but in my official capacity, I don't want you to have to trust me. You should have independent safeguards that would function even if I were a total shitweasel.

In this sort of law enforcement case, if they are so responsible and all, and would never use the law for minor purposes, why does the law allow for use in minor cases? Shouldn't it be uncontroversial to principle-of-least privilege and eliminate the possibility of such use? After all, law enforcement has already said that they have no interest in such capabilities, so surely they won't mind?

Re:Hooray!

[fuzzyfuzzyfungus]

I don't know why this fact escapes some people; but that's (one of) the problems with the 'trust me' argument. Sure, maybe I do trust you with my very life as a sworn blood brother who saved my life a dozen times at great peril to his own and whatnot. That's heartwarming. Doesn't matter a bit when you retire and your successor takes over.

In practice, it's even worse, since there are usually organizational incentives to ratchet up the transgressions(pollsters say that the public is concerned about crime? Politicians respond by promising to Get Tough and pushing the use of previously underexplored capabilities, game over.) Any system that depends on 'trust' in a person or agency is, in fact, not really a rule of law; but a rule of the hopefully-continued discretion of that person or agency.