Intruders of the state?

By David Cronin

Date: 02/06/05

The European Commission has accepted that a plan by four EU countries to store details of all phone calls, faxes and emails would be too costly for industry and too intrusive for individuals.

The data retention proposal, drawn up by France, Britain, Ireland and Sweden following the 2004 Madrid bombings, is to be discussed by justice and interior ministers today (2 June).

Franco Frattini and Viviane Reding, the commissioners for justice and telecommunications, will tell them that a different approach should be taken.

The Commission will put forward its own suggestions for a scheme later this year, which are to differ markedly in scope to those envisaged by the four governments.

The EU executive is considering mandatory data retention of three to nine months, rather than the one to three years recommended by the four countries. The two commissioners also believe that an 'economic impact assessment' should be carried out to ascertain the cost for industry.

"The original proposal of the four member states doesn't take into account civil liberties and the impact on industry," says Martin Selmayr, the Commission's spokesman on information society and media. "It is not the right moment for imposing a new disproportionate regulation on the European telecoms industry and it is not the right moment to invade privacy in this way."

The initiative by the four has been jeopardised by opinions from lawyers in the Commission and the Council of Ministers. Both argued that telecommunications must be regulated under the single market provisions in the EU treaties and not as the justice and home affairs measure foreseen by the four countries. This means that the scheme would have to be introduced following a Commission proposal, with the European Parliament acting as a joint legislator.

Next Tuesday (7 June), the assembly is to approve a report highly critical of the four governments.

As well as arguing that it may flout the privacy clause in the European Convention on Human Rights, the report questions the effectiveness of the scheme.

It indicates that terrorists could easily avoid having their data traced by using public telephones or internet service providers outside Europe.

Critics of the scheme claim that law enforcement officers are already equipped to track phone calls during their investigations. Telecoms firms keep data on phone calls for several months - particularly, to deal with customers' querying their bills - and can provide these to the police, when judicial orders have been granted. Although Spain does not have a mandatory data retention scheme, the authorities were able last year to secure details of the mobile phone calls made by the 11 March Madrid bombers.

Similarly, it has been reported that police investigating the 1998 Omagh bombing in Northern Ireland have traced mobile phone calls made by the suspected perpetrators and have undertaken tests on the public phone box from which a warning was called. Some of the evidence gathered in this way has surfaced in subsequent court hearings.

Peter Hustinx, the European data protection supervisor, said that he regards the concerns identified by MEPs as "understandable and reasonable". Earlier this year, he said that the need for the kind of data retention sought by the four member states was "not sufficiently clear". If data is to be stored for long periods, he argued, "there would most certainly have to be very strict safeguards against misuse, either by providers holding these data or by law enforcement authorities seeking access, which are not yet visible in the proposal".

Even though George W. Bush urged the EU to introduce compulsory data retention after the 11 September 2001 attacks, the US Congress has not brought in anything comparable. Argentina's government recently abandoned data retention, too, in the face of stiff opposition from the business lobby.

"Of all the bad ideas, that governments have had since 11 September this one has lasted the longest," says Gus Hosein from Privacy International. "I wish governments would realise how futile it is."

Telecoms firms complain that they do not have the capacity to store the vast swathes of information which the scheme would involve. Complying with it, they estimate, would cost each company €180 million a year in technological investment, with annual operating costs of up to €50m.

In 2002, AOL said that it would need 36,000 CDs per year to comply with a new anti-terrorism act in the UK. Last month, Symantec, a maker of anti-virus software, argued that the volume of retained data would give anti-terrorist officers the task of "finding the needle in the haystack".

Police are sceptical about whether mandatory data retention will benefit their investigations. "If you draw together all data from telecoms providers, the result would be that it would take such a long time to find a particular number," says Jan Velleman from the European Confederation of Police. "Even with modern computer technology, we technically cannot handle it. And unless somebody proves we can handle it, then it is not really worth discussing."

Markus Beckedahl from Netzwerk Neue Medien, a German group promoting new technologies, feels that the public will be more reluctant to use the internet for personal communications or expressing political views if they know that they

will be placed under surveillance. This, he adds, could hold back the EU's Lisbon Agenda goal of building a technology-savvy society.

"If you know that your communications with your girlfriend could be stored for up to three years, then you will fear new technologies," he says.

Anticipation of discussions at a meeting of the EU's Justice and Home Affairs Council, 2 June 2005, on an EU-wide data retention scheme which would facilitate the pursuit of terrorist activities. Article reports that the European Commission was planning to argue against this initiative put forward by four Member States. It would, instead, suggest to present its own proposal later in the year, accompanied by an economic impact assessment to avoid hardships for the telecommunications industries. There had also been doubts about the legality of Member States proposing legislation on the issue.

• Primary Source