By Kirsten Murphy, Silha Fellow
Europol, the police and intelligence arm of the European Union, has proposed a plan that will require member states' telephone operators and Internet Service Providers to retain records regarding telephone and Internet activity for a period of up to five years.
The plan gives new powers to police and intelligence agencies to monitor e-mail activity and telephone calls. The code was drafted at a meeting in the Europol Headquarters in The Hague in April 2001, when police, intelligence services and other European officials gathered in secret. On May 30, 2002, the European parliament approved revisions to the 1997 Telecommunications Data Protection Directive, adopting the basic proposals drawn up at the April Europol meeting. The approval in parliament followed on of the heels of the January 2002 Council of Ministers' adoption of a common position that member states could require retention of data for a limited time.
The move towards data retention reflects a dramatic shift in EU privacy law, which many attribute to the September 11, 2001 terrorist attacks on the United States. The revisions give each of the 15 EU member states the right to authorize data retention for law enforcement purposes for a limited period of time. Under the 1995 Data Protection Directive, personally identifiable data could only be kept for a short time for billing purposes, and then had to be destroyed.
Under the new code, companies running Internet sites will be required to record passwords and Web-page visits. Police and intelligence services will be able to ascertain senders and recipients of e-mails, dates and times, as well as the contents of messages. Financial data will also be kept, including credit card and bank details.
Telephone companies will also be required to retain text messages and details of calls made on mobile phones. Details of calls will include numbers dialed, address, birth date and bank details of the telephone subscriber. Police will also be able to track down the geographical location of anyone making calls using mobile phone call records.
Europol asserts that the retention of telecommunications data will assist police and intelligence services efforts to prevent such crimes as international terrorism, cyber crime, and drug running. In addition, the Commission has drawn a distinction between data retention and information turned over wholesale to police. A policy that ensures that data is saved for a limited period of time means that police and intelligence will not possess the information, but must request data from network operators before the operators are permitted by individual member state law to destroy the information.
Although the new law contains language requiring that law enforcement access to data be "appropriate, proportionate and limited in length," the plan has been denounced by privacy advocates in Europe and the United States as a highly intrusive form of surveillance. Civil libertarians express concern that the data archives will be used to conduct fishing trips to find information to incriminate individuals. Tony Bunyan, of the civil liberties group Statewatch, argues that if telecommunications data is retained "not only will data protection be fatally undermined but so too will be the very freedoms that distinguish democracies from authoritarian regimes." (See www.statewatch.org/news/2002/may/05surv.htm for full article.)
Europol is currently drawing up a manual of standards for member state police and intelligence on how to implement the code.
A copy of the agenda for the April meeting at Europol headquarters, entitled: "Expert Meeting on Cyber Crime: Data Retention," is available at www.statewatch.org/news/2002/may/europol.pdf