Data Retention in the US and Europe - the state of politics
Sometimes it is interesting to watch how politics work differently on both sides of the Atlantic. While the US government had long refused to establish a mandatory retention scheme for communications data, the EU agreed on a directive to do so in February. Now, the EU member states have to implement it until September 2007, and suddenly they hestitate, and domestic opposition is growing:
- The government of Ireland has already taken the case to the European Court of Justice to declare the legal basis for the agreement as illegal.
- 16 of the 25 member states have taken an exception clause and will postpone internet data retention until the spring of 2009.
- The civil liberties group Digital Rights Ireland is suing the Irish government and the EU and wants to stop the directive completely on the basis of constitutionality reasons.
- The German civil liberties group Humanistische Union just announced a campaign and constitutional challenge against data retention (with big chances for success, as the German constitutional court has already ruled out data retention "just in case you might need it later" in a previous decision). The scientific service of the German parliament also thinks it will be against the constitution.
In the United States, this is different. They have had quite a few privacy scandals, the last being the big AOL search data exposure, not to mention the NSA domestic phone surveillance programme. These have hit the mass media, so not only tech journalists and expert bloggers, but also the general public and politicians are aware of the dangers. Therefore, you could expect wide opposition against a data retention proposal in Washington. If you want to get any legislation approved that regulates what private corporations have to do (which data retention would imply), you have to basically bring them on your side (or at least silence them), or you need a policy window that normally only appears after a scandal or a catastrophe. Now, after some press statements earlier this year, attorney general Alberto Gonzales has officially asked Congress to enact data retention legislation. Besides from the fifth anniversary of 9/11, I don't really see a policy window at the moment. But Gonzales did this after having spoken about this with some of the major companies in July, so he can use a two-fold strategy. He can refer to the agreement or at least divided opinions among the ISPs, and he can point to Europe, where we already have a data retention directive.
It will therefore be necessary for the interested public in the U.S. to be aware of the opposition against and looming inconstitutionality of data retention legislation in the EU. It is also important to not fall into the "child porn" trap. We are already seeing quite some mission creep for the use of the data in Europe. Data retention was originally marketed as only being targeted at terrorists. Now it will also be used against school kids who use filesharing networks, for libel cases, and more.
On top of that, EU commissioner Franco Frattini has now officially declared that the U.S. government will have access to data retained in Europe. After passenger records and financial data, this will just make it even more easy for US intelligence services to conduct economic espionage in the EU. How handy, as the Echelon system is allegedly getting too old to fulfill this task much longer...