FC: E.U. weighs ordering ISPs to retain traffic, with Bush's support

From: Declan McCullagh (declanat_private)
Date: Sun Nov 11 2001 - 17:05:07 PST

  • Next message: Declan McCullagh: "FC: More on Senate voting soon on Sen. Mike Enzi's Net-tax bill"

    =================================================================
    CALL FOR ACTION - Safeguard Communications Privacy
    =================================================================
    
       - President Bush has asked the head of the European Union to
         amend privacy laws in Europe so as to allow law enforcement
         access to records of personal communications
    
       - The proposal is contrary to international human rights norms
         and has been rejected by European Privacy Commissioners and
         by Members of the European Parliament
    
       - The proposal also adversely impacts the privacy interests
         of US citizens
    
       - US and European groups are asked to endorse the letter to
         EU President Guy Verhofstadt expressing respectful but
         firm opposition to proposal
    
       - To endorse: send name of organization and URL, email and fax
         for contact person BEFORE NOVEMBER 11 to eu_letterat_private
         If questions, contact Cedric Laurant <chlaurantat_private>
    
       - Please forward this message to others UNTIL NOVEMBER 11
    
    =================================================================
    
    DRAFT
    
    12 November 2001
    
    Prime Minister Guy Verhofstadt
    President, EU Council of Ministers
       Brussels, Belgium
    
    Dear President Verhofstadt:
    
    We write to you on behalf of a wide range of civic organizations in
    the United States and Europe to express our concern regarding the
    request of President Bush that the proposed EU directive on the
    protection of privacy in the electronic communications sector
    (COM(2000)385) be altered to allow for data retention regarding the
    communications of Europeans and consequently of Americans.  While we
    support the President's efforts to take appropriate steps to reduce
    the risk of terrorism and to work with government leaders to protect
    public safety, we do not believe that this proposal is appropriate
    or necessary.
    
    First of all, under United States law there is no similar obligation
    for data retention by telecommunications companies. US federal law
    recognizes a need to preserve data once a particular investigation
    is underway, but it does not create a general obligation for
    communication carriers to retain records on customers that are no
    longer required by the carriers. President Bush is asking European
    governments to impose obligations on European companies that would
    not be imposed on US companies.
    
    Second, the European Privacy Commissioners and Members of the
    European Parliament have opposed efforts to create new data
    retention obligations. In the letter of 7 June 2001 to Mr. Göran
    Persson, President of the Council of the European Union, the
    Chairman of the Article 29 Working Group wrote that "Systematic and
    preventive storage of EU citizens communications and related traffic
    data would undermine the fundamental rights to privacy, data
    protection, freedom of expression, liberty and presumption of
    innocence."
    
    In a July 2001 report by the European Parliament Committee on
    Citizens' Freedoms and Rights, Justice and Home Affairs, Committee
    Members made clear that restrictions to safeguard public security
    and conduct criminal investigations should be appropriate,
    proportionate and limited in time and that general or exploratory
    electronic surveillance on a large scale could not be allowed.  The
    Members also noted that Member States should not have a general
    right to request whatever traffic and location data they wished
    without the authorities stating a specific reason as to why such
    information was needed, and that information should not be stored
    longer than was necessary for the transmission of data and for
    traffic management purposes.
    
    Third, because communications data often moves between the United
    States and Europe, European data retention requirements would
    directly and adversely affect the privacy right sof Americans. There
    is a significant risk, if this proposal goes forward, that US law
    enforcement agencies will seek data held in Europe that it could not
    obtain at home, either because it was not retained or because US law
    would not permit law enforcement access.
    
    Fourth, the retention of personal information that would otherwise
    be destroyed upon the completion of its intended use creates new
    privacy and security risks for citizens. Vast databases of personal
    data now include sensitive medical information as well as data
    revealing political opinions, religious and philosophical beliefs.
    These new retention requirements will create new risks to personal
    privacy, political freedom, and public safety.
    
    Further, the privacy commissioners have recognized that one of the
    best privacy safeguards is to minimize the collection of personal
    data where possible. They have consistently affirmed that
    confidentiality of communications is one of "the most important
    elements of the protection of the fundamental right to privacy and
    data protection as well as of secrecy of communications", and that
    "any exception to this right and obligation should be limited to
    what is strictly necessary in a democratic society and clearly
    defined by law." A blanket retention of all traffic data for
    hypothetical criminal investigations and for a long period of time
    would not respect these basic conditions.
    
    We note also that governments on both sides of the Atlantic have
    sought to make secret public information that would otherwise assist
    the public in understanding the threats it now faces.   We do not
    believe it draws the proper balance in a democratic society for the
    activities of government to be concealed from public scrutiny while
    the private activities of citizens are made open to government.
    
    Finally, we believe it is inconsistent with well established
    international norms for communications privacy, such as Article 8 of
    the European Convention on Human Rights and Article 12 of the
    Universal Declaration of Human Rights, for governments to compel the
    retention of private information for surveillance purposes.
    Confidentiality of communication is a central tenet of modern
    democratic society. Proposals to reduce the privacy of citizens will
    undermine the strength of the democratic state.
    
    We have contacted President Bush regarding our concerns. We
    respectfully urge you not to take any steps at this time that may
    reduce the privacy of citizens.
    
    Sincerely,
    
        Electronic Privacy Information Center
    
        American Civil Liberties Union
    
        Center for Democracy and Technology
    
        Electronic Frontier Foundation
    
        (list in formation)
    
    
    cc: President George W. Bush
    
    =================================================================
    
    REFERENCES
    
    Proposal for a European Parliament and Council directive concerning
    the processing of personal data and the protection of privacy in the
    electronic communications sector (COM(2000) 385 - C5-0439/2000 -
    2000/0189(COD))
    http://www3.europarl.eu.int/omk/omnsapir.so/calendar?APP=PV2&PRG=CALEND&LANGUE=EN&TPV=PROV&FILE=010906
    
    (Codecision procedure: first reading)
    
    The proposal was rejected(1).
    http://www3.europarl.eu.int/omk/omnsapir.so/pv2?PRG=CALEND&APP=PV2&LANGUE=EN&TPV=PROV&FILE=010906
    
    Letter from Article 29 Data Protection Working Party to Mr Göran Persson,
    Acting President of the Council of the European Union, June 7, 2001
    Available at: http://www.statewatch.org/news/2001/jun/07Rodota.pdf
    
    EU Data Protection Working Party Article 29, Opinion 7/2000 on the
    European Commission Proposal for a Dir. of the Eur. Parl. and of the
    Council concerning the processing of personal data and the
    protection of privacy in the electronic communications sector of 12
    July 2000 COM (2000) 385 (2 Nov. 2000), reprinted in M. Rotenberg,
    The Privacy Law Sourcebook, United States Law, International Law,
    and Recent Developments 437 (EPIC 2001)
    
    Committee on Citizens' Freedoms and Rights, Justice and Home Affairs,
    Report on the proposal for a European Parliament and Council
    Directive concerning the processing of personal data and the
    protection of privacy in the electronic communications sector, July
    13, 2001.
    Available at
    http://www2.europarl.eu.int/omk/OM-Europarl?PROG=REPORT&L=EN&PUBREF=-//EP//TEXT+REPORT+A5-2001-0270+0+NOT+SGML+V0//EN&LEG_ID=5
    
    ================================================== 
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Sun Nov 11 2001 - 17:04:06 PST