Telecommunication data retention
On 13 November, the UK House of Lords unexpectedly approved a very controversial 'Snoopers' Charter'. The three pieces of secondary legislation approve a 'voluntary' data retention scheme, and give a long list of government agencies self-authorised access to phone and Internet logs.
Throughout the debate it appeared that the government's proposals to place every UK email and phone account under surveillance was doomed. Conservative, Liberal Democrat and Cross Bench peers had vowed to oppose them. The Joint Human Rights Committee of the Parliament had expressed 'grave reservations' about the plans. Independent legal analysis had ruled them unlawful. Grim faced Home Office Officials sitting in the Advisors Box of the Lord's had admitted they were expecting the worst.
A legal opinion commissioned by EDRI-member Privacy International and provided by the law firm Covington & Burling concludes that mandatory data retention plans in the EU are unlawful.
The opinion, which relates to an EU framework directive on the retention of communications data, has profound ramifications for ten EU states that have implemented, or are planning to implement, measures to place communications users under blanket surveillance.
The opinion states: "The data retention regime envisaged by the (EU) Framework Decision, and now appearing in various forms at the Member State level, is unlawful.
Industry and human rights campaigners have condemned new data retention proposals from the UK's Home Office (Ministry of Internal Affairs).
The draft Statutory Instruments (secondary legislation) would approve 'voluntary' retention by Internet Service Providers, but preserve the power of the Home Secretary to impose a compulsory code. Data on customers would be retained for up to 12 months, and could be accessed by a large number of government bodies for many different purposes. While the 'Snoopers Charter', that enabled access for almost every government-related agency was officially withdrawn in June 2002, the new proposals show no change of heart.
Four major industry groups have published a joint statement against mandatory data retention. The coalition represents worldwide and European businesses including most major electronic communications service providers and manufacturers.
According to an article in the Irish Times of 26 May, the Irish Data Protection Commissioner Mr Joe Meade has twice threatened to begin High Court proceedings against the Government for using an "invalid" Ministerial Direction to unconstitutionally store citizens' phone, fax and mobile call data for 3 years.
As reported in EDRI-gram nr. 3, in April 2002 the Minister for Public Enterprise issued directions to telecommunication operators to keep detailed, non-anonymous traffic data for a three-year period.
Telecommunication companies in Austria have won an important court case against the federal government. Though in general the wiretapping provisions in the new Telecommunications Law were not deemed unconstitutional, from 2004 onwards, government will have to reimburse providers for the costs of procuring and maintaining surveillance equipment.
Full verdict in German (27.02.2003)
The Danish ministry of science and technology has mandated a committee on citizens IT-rights. The committee has representatives from various ministries, consumer organisations, the IT-business sector and civil society. EDRi-member Digital Rights has participated in the committee since it started its work in September 2002. The aim of the committee is to give recommendations to areas where existing laws and practices in Denmark may hinder citizen's enjoyment of their IT-rights. Areas under scrutiny include: citizen's communication with the public sector, privacy and registration, freedom of expression and access to information.
Since 1 April, new legislation went into force that obliges Swiss Internet Service Providers (ISPs) to keep a 6 month email log file. That means they will have to store time, size and addresses of all emails sent by their customers (the SMTP envelope data). The authorities will be able to access these stored data with a search warrant only. Access is limited to a number of serious offences such as paedophilia and drug trafficking.
There is no general obligation to store the content of all emails, but providers can be ordered to keep the specific correspondence of a suspect (preservation) and forward it to a special new crime-investigating unit.
Internet service providers have resisted the new legislation, pointing at the high costs of storage and selection software.