[e-privacy] [Fwd: [IP-Enforce] Statement on EU Data Retention Directive]

[pinna]

-------- Original Message --------
Subject: [IP-Enforce] Statement on EU Data Retention Directive
Date: Mon, 05 Dec 2005 14:00:10 -0800
From: Robin Gross <robin at ipjustice.org>
Reply-To: robin at ipjustice.org
Organization: IP Justice
To: ip-enforce at ipjustice.org

FYI on following alert:

The European Parliament will vote on the proposed directive on data
retention next Monday.

A group of civil liberties organisations will send a statement (see
below) to all Members of the European Parliament, demanding the
rejection of the
proposal.

As this is what our Joint Declaration is aiming at as well, I recommend
you endorse their statement by emailing gus at privacy.org by 9am GMT 
tomorrow
(December 6th).

Also, I suggest you contact your local Members of the European 
Parliament
(http://www.europarl.eu.int/members/public.do?language=en) and urge 
them
to vote no on Monday.

Best regards,
Patrick Breyer


Open Letter to the European Parliament on Data Retention

To all Members of the European Parliament

We the undersigned are calling on you to reject the Directive of the
European Parliament and the Council on the Retention of Data Processed
in Connection with the Provision of Public Electronic Communication
Services and Amending Directive 2002/58/EC.

Adopting this Directive would cause an irreversible shift in civil
liberties within the European Union.  It will adversely affect consumer
rights throughout Europe.  And it will generate an unprecedented
obstacle to the global competitiveness of European industry.

A Directive Fraught with Problems

In the Information Society every human action generates transaction
logs.  Our movements, our purchases, and our interactions with others
can be routinely logged in public and private sector databases.  In
recognition of this, the European Union led the world in establishing a
data privacy regime to limit the collection, processing, retention, and
accessing of this information.  Now the Council is demanding that the
European Parliament reverse its position and lead the world in
introducing mass surveillance of our activities.

Under existing EU law many of these logs are already available for law
enforcement purposes for as long as the telecom industry service
providers retain them for business purposes.  Justice and Home Affairs
officials are pushing to make available even greater stores of
information.

The Directive proposes the collection of information on everybody's
communications and movements. The storage of such "communications
traffic data" allows whoever has access to it to establish who has
electronically communicated with whom and at what time and at which
location, over months and years.

In recent meetings with the Justice and Home Affairs Council on 1 and 2
December 2005, it appears that the European Parliament suddenly agreed
to the collection of information on everybody's communications and
movements for very broad law enforcement purposes, in spite of having
rejected this policy twice before.

We call on the Members of the European Parliament to reject this policy
for the following reasons.

1.  This Directive invades the privacy of all Europeans.  The Directive
calls for the indiscriminate collection and retention of data on a wide
range of Europeans' activities.  Never has a policy been introduced that
mandates the mass storage of information for the mere eventuality that
it may be of interest to the State at some point in the future.

2.  The proposed Directive is illegal.  It contravenes the European
Convention on Human Rights by proposing the indiscriminate and
disproportionate recording of sensitive personal information.
Political, legal, medical, religious and press communications would be
logged, exposing such information to use and abuse.

3.  The Directive threatens consumer confidence. More than 58,000
Europeans have already signed a petition opposing the Directive.  A
German poll revealed that 78% of citizens were opposed to a retention
policy.  The Directive will have a chilling effect on communications
activity as consumers may avoid participating in entirely legal
transactions for fear that this will be logged for years.

4.  The Directive burdens EU industry and harms global competitiveness.
Retention of all this data creates additional costs of hundreds of
millions of Euros every year. These burdens are placed on EU industry
alone. The U.S., Canada and the Council of Europe have already rejected
retention.

5.  The Directive requires more invasive laws.  Once adopted, this
Directive will prove not to be the ultimate solution against serious
crimes. There will be calls for additional draconian measures including:
- the prior identification of all those who communicate, thus requiring
ID cards at cybercafes, public telephone booths, wireless hotspots, and
identification of all pre-paid clients;
- the banning of all international communications services such as
webmail (e.g. Hotmail and Gmail) and blocking the use of non-EU internet
service providers and advanced corporate services.

An Illegitimate Process

Proponents of retention policy are sweeping these concerns aside and are
harmonising measures to increase surveillance while failing to harmonise
safeguards against abuse.  European opposition has been high, and the
arguments against reasoned and justified. The continued life of this
policy in Europe is inexplicable save for the illegitimate policy
process that is being pursued by the policy's proponents.

These proponents claim that retention is spreading across Europe.  In
fact, less than five countries have some form of mandatory data
retention in place, and even fewer apply the practice to internet
services.

The Council is demanding that the European Parliament approve a regime
that parliaments in the Member States have already rejected.  For
instance the UK Presidency is proposing a policy that has already failed
in the UK Parliament.  The Council is trying to make the Parliament
complicit in this act of policy laundering.

A Key Moment

As the EU embarks on this unprecedented policy, we are facing a
momentous decision as to whether we wish to set in motion a chain of
events that will lead to a surveillance society.

Once a surveillance regime begins it always expands.  As the European
Data Protection Supervisor has stated in his opinion, the mere existence
of data might lead to increased demands for access and use by industry,
law enforcement authorities, and intelligence services.  Already,
restrictions agreed on in the Committee for Civil Liberties were pushed
aside in secret negotiations with the Council.

Though the Council claims retention will combat terrorism, for years it
has rejected limiting the legislation to such investigations.  Even if
access to this data were limited by the Parliament to a list of serious
crimes nothing prevents the expansion of this list: already the
Copyright Industry has called for access to this data to combat
file-sharing online.

Any reimbursement of costs to service providers, like most other
surveillance cost-recovery experiments, will likely be temporary.
Eventually the costs and burdens generated by this policy will be seen
as 'the cost of doing business' and will be passed on to individual
consumers as 'the cost of communicating in Europe'.

The only way we can prevent this chain of events is by following the
example of other countries around the world and rejecting this policy in
its entirety.

Promises are Not Enough

The European Data Protection Supervisor and the Article 29 Working Party
of European Privacy Commissioners, as well as the European Parliament
itself, have repeatedly stated their convictions that the case for
retention has not been made.  And their calls for standards and
necessary safeguards have gone unheeded.  The concerns of civil society
and the telecommunications industry have also not been adequately
addressed.

This policy continues only due to secret processes, agreements
established without scrutiny, and through fast-tracking of debate
because the Council fears open and democratic discussion on these
matters.  This is evidenced by the lack of similar policies in Member
States where Parliamentary scrutiny is constitutionally required.

The EU should follow the example of open and democratic countries that
have instead chosen to implement a preservation regime where data is
collected and retained only for a specific investigation and then is
accessed through court orders.

We, the undersigned, call on Members of the European Parliament to
recognise the significant threat to European civil liberties, consumers,
and industry and to therefore reject the Directive on communications
data retention.

Gus Hosein, Privacy International and Sjoera Nas, EDRI

Privacy International

European Digital Rights

Foundation for a Free Information Infrastructure

Statewatch

Associação Nacional para o Software Livre (PT)
Bits of Freedom (NL)
BlueLink Information Network (BG)
CPSR- Canada and ES
Coopération-Solidarité-Développement (FR)
Deutsche Vereinigung für Datenschutz e.V. (DE)
Digital Rights Denmark (DK)
Digital Rights Ireland (IE)
EDRI-observer Aljaz Marn, privacyblog.net (SL)
Electronic Privacy Information Center (US)
Fairfax County Privacy Council (US)
FoeBuD e.V. (DE)
Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung
e.V. (DE)
Foundation for Information Policy Research (UK)
Foundation Metamorphosis (MK)
Helsinki Foundation for Human Rights (PL)
Internet Society - Bulgaria
Internet Society - Poland
IRIS - Imaginons un réseau Internet solidaire (FR)
ISPO, Association of Internet Service Providers (NL)
Iuridicum Remedium (CZ)
National Consumer Union (NL)
Netzwerk Neue Medien e.V. (DE)
Open Rights Group (UK)
OpenSky (Switzerland)
Option consommateurs (Canada)
Privacy Rights Clearinghouse (US)
Public Interest Advocacy Centre (Canada)
quintessenz (AT)
Stand (UK)
Stop1984 (DE)
Swiss Internet User Group (CH)
ver.di Fachgruppenvorstand Banken (DE)
VIBE!AT (AT)
XS4ALL (NL)


_______________________________________________
IP-Enforce mailing list
IP-Enforce at ipjustice.org
http://mailman.ctyme.com/listinfo/ip-enforce