Europe Braced for Privacy Battle

A British civil liberties watchdog called Statewatch grabbed headlines last week with dire predictions that the European Union is about to grant Euro-cops sweeping new surveillance powers. The report portrays Europe on the brink of an Orwellian catastrophe, where all phone, fax, wireless and Internet traffic records would be archived and accessible to law enforcement for seven years.

Privacy experts and advocates offered differing opinions on the likelihood that such sweeping surveillance measures could ever be implemented in Europe. Some suggested the conclusions in the report were a bit alarmist. Others thought a radical overthrow of Europe’s privacy protections possible — even imminent — unless political opposition could be rallied quickly.

“It would be difficult for a proposal like this to go forward,” said Marc Rotenberg, executive director of the Electronic Privacy and Information Center (EPIC). He is a leading expert on European privacy law.

Rotenberg cited the EU’s existing data protection policy, the Council of Europe (COE) conventions on data protection and human rights and rulings by the European Court of Human Rights as obstacles to passage of such sweeping surveillance powers.

“I don’t see all of that stuff getting pushed aside,” he said.

Civil liberties experts in Britain were less optimistic. They seem united in their belief that the leaked documents provide yet more evidence that a counter-attack from law enforcement and security agencies against the EU’s strident privacy and data protection laws is gathering strength.

“We’re set in the next few weeks or months for quite a big battle,” Tony Bunyan of Statewatch said.

Since posting their findings last Wednesday, which earned national coverage in Britain from the Guardian and the BBC, the group’s website has experienced record traffic.

Simon Davies, director of Privacy International, feared such a strict data retention mandate could become law following a trend of sacrifices of civil liberties in the name of security.

“My sense is the proposal is compatible with the (Council of Europe) cybercrime convention,” Davies said, “and with other international conventions that have been developed in the last five years. I don’t see any problem with it passing.”

David Banisar, also of PI, feared that even if such a measure failed to pass at the EU level, ministers of the member states could still use the Council of the European Union (different than the Council of Europe, a separate organization from the EU with 41 member states) to reach joint policy decisions, then urge passage of corresponding laws in their home countries.

Along with the European Commission and the European Parliament, the Council of the EU is one of the EU’s three main legislative institutions. EU directives (under which each member state is required to pass compatible laws) are drafted by the commission and require approval from the council and parliament.

Statewatch based its conclusions primarily on five key EU documents (apparently leaked) dating from July 12, 2000 to March 30. All were communications by or with the Police Cooperation Working Party, a group of officials from the 15 EU member states that is part of the EU Council.

Commission officials in charge of data protection have recently published opinions that make clear that the Commission opposes long-term archiving of telecommunications and Internet data. Under current EU directives, European ISPs are actually required to erase traffic data or make it anonymous after billing is complete, a period generally no longer than a few months.

In short, Statewatch has uncovered a serious rift between the Commission and the Council.

The documents Statewatch obtained show the Police Cooperation Working Party is concerned that EU data protection policies and commission recommendations requiring the erasure of traffic data will hinder criminal investigations and should be revised. None of the documents, however, specifically mentioned instituting a seven-year data retention requirement.

Statewatch got that number from an internal UK government report recommending that Britain adopt stricter data retention laws.

The Statewatch report summary makes the leap of grafting the two together by asserting: “Every phone call, every mobile phone call, every fax, every e-mail, every website’s contents, all Internet usage, from anywhere, by everyone, to be recorded, archived and be accessible for at least seven years.”

Understandably, that prediction made the papers, accompanied by provocative quotes from Bunyan, who called such practices “authoritarian and totalitarian.”

“It is pretty shocking,” Joel Reidenberg said, referring to the possibility of such policies being implemented.

Reidenberg is a law professor at Fordham University and has served as an expert advisor to the European Commission on data privacy.

On the question of whether seven-year archiving is likely to become a reality in Europe, Reidenberg fell somewhere between Rotenberg’s skepticism and the dark warnings of Bunyan.

While the right to privacy is enshrined in EU directives and pan-European treaties, all of those documents have wide loopholes for measures taken in the interest of public order or state security, he said.

“The U.S. tends to be more protective (than Europe) of citizens’ rights against the government,” he said. “(The EU) has strong limits in the Data Privacy Act on what the government and private sector can do in the ordinary course of business. But in the context of state security, they don’t have (such) strong protections (as the United States).”

However, while such measures are technically possible, Reidenberg still thought practical and political obstacles made it improbable they would ever become law in Europe.

“I think it very unlikely this would happen,” he said. “Amending a directive takes a few years, then enacting corresponding home legislation takes a few more years. The political will to do something so controversial is not likely to be sustained for that long.”

According to the Guardian UK, EU officials have neither confirmed nor denied the accuracy of the Statewatch report. The paper also reports that the British government is “strongly backing” the move to lengthen EU requirements for retention of telecommunications data.

Author: Jeffrey Benner

News Service: Wired News

URL: http://www.wired.com/news/privacy/0,1848,43928,00.html