thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Wednesday, September 20, 2006

Data Retention in the US and Europe - the state of politics

Sometimes it is interesting to watch how politics work differently on both sides of the Atlantic. While the US government had long refused to establish a mandatory retention scheme for communications data, the EU agreed on a directive to do so in February. Now, the EU member states have to implement it until September 2007, and suddenly they hestitate, and domestic opposition is growing:
The fact that opposition against this mass surveillance scheme has been growing so slowly in Europe is based on (at least) two sets of factors: The complexities of EU policymaking, which tend to bury imortant processes until they hit the national level for implementation; and the lack of a large-scale privacy scandal in Europe. Without a large public discussion, politicians can therefore often push legislation through the EU institutions, but then get hit by implementation problems and opposition at home.

In the United States, this is different. They have had quite a few privacy scandals, the last being the big AOL search data exposure, not to mention the NSA domestic phone surveillance programme. These have hit the mass media, so not only tech journalists and expert bloggers, but also the general public and politicians are aware of the dangers. Therefore, you could expect wide opposition against a data retention proposal in Washington. If you want to get any legislation approved that regulates what private corporations have to do (which data retention would imply), you have to basically bring them on your side (or at least silence them), or you need a policy window that normally only appears after a scandal or a catastrophe. Now, after some press statements earlier this year, attorney general Alberto Gonzales has officially asked Congress to enact data retention legislation. Besides from the fifth anniversary of 9/11, I don't really see a policy window at the moment. But Gonzales did this after having spoken about this with some of the major companies in July, so he can use a two-fold strategy. He can refer to the agreement or at least divided opinions among the ISPs, and he can point to Europe, where we already have a data retention directive.

It will therefore be necessary for the interested public in the U.S. to be aware of the opposition against and looming inconstitutionality of data retention legislation in the EU. It is also important to not fall into the "child porn" trap. We are already seeing quite some mission creep for the use of the data in Europe. Data retention was originally marketed as only being targeted at terrorists. Now it will also be used against school kids who use filesharing networks, for libel cases, and more.

On top of that, EU commissioner Franco Frattini has now officially declared that the U.S. government will have access to data retained in Europe. After passenger records and financial data, this will just make it even more easy for US intelligence services to conduct economic espionage in the EU. How handy, as the Echelon system is allegedly getting too old to fulfill this task much longer...


Post a Comment

<< Home