So, how long before we start to hear 'Bloody foreigners, coming over here and stopping companies, the spooks, the police, councils, people who work for councils, contractors and civil servants from invading our privacy.'
A seven-year-old EU directive that requires telecoms outfits to retain details of phone calls and emails - such as traffic and location - clashes with the 28-member bloc's privacy rights for citizens, a Court of Justice Advocate General has said. Pedro Cruz Villalón believes that the 2006 data retention directive "constitutes a …
I confidently predict our political overlords* totally ignoring this ruling and continuing to spy on us in every little way they can, legally or otherwise.
*or elected 'representatives', if you will
Sure, but they won't be able to get the ISPs to do their leg work for them.
If the court follows the argument then all courts will have no choice but to act in accordance with the decision and award for any case brought against such legislation. The associated costs will ensure a pretty swift end once the period of grace for a transition has passed.
I'm confused. It's obvious that telecoms providers need to retain some details of usage for a period of time, to resolve billing disputes if for no other reason. The 2006 directive (Article 6) requires that:
Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication.
IANAL, but that seems to say nothing about an upper limit on data retention, which would therefore (unless local legislation imposes other constraints) be at the discretion of the service provider. Anyone able to clarify for me?
The "not less than 6 months and not more than 2 years" seems to me to put an upper limit of 2 years on the retention, i.e. 6m < retention < 2 years.
IANAL either though ^^;
That thought occurred to me, too. But in that case what's the problem? Are they saying it should be less than 2 years?
IANAL either, and Merkin too.
So, feel free to ignore me on both counts (see title). I can do a little math.
The US gains 1 person every 16 seconds or so. If you are filling network addresses, that person can be either the first of a new network generation or the last of the old. So, the US gives birth to a new (IPv4) network generation every 8.5 years. The doubling rate (ln(2)/ln(1+r)) is 8.49%. The larger the aggregate grouping (and the EU is different from both components or the US as a group), the higher this rate becomes. The problem for Privacy is that if you scale network growth up to global speeds, the doubling rate becomes artificially large. If you make your living marketing adult toys to 8 year olds or marketing 8 year olds to adults then you probably don't care. The EU cares.
Billing data is retained - but it's what it says on the tin - the information that appears on the bill. In these days of inclusive minutes, SMS and data Gb, the bill holds just the exceptions, and in the case of data Gb it holds nothing about the use of the Gb.
The most recent data retention rules (not yet fully complied with in many EU countries) require the metadata (i.e. date, time, from, to, length, duration etc) to be retained for calls, SMS, web browsing, email etc for the purposes of legal intercept - i.e. where a court order has been obtained to access the information. This information is supposed to be held very securely by the telco with no access unless with a court order. In my experience, most telcos are pretty good at this and this legally held data is secure.
However, what the court appears to be saying is that even with those protections, the mere retention of that level of metadata is a constraint on human rights.
However, this seems to be a side issue, those legal intercept systems seem to be working securely as planned. I don't really have any issue with this if it's used with appropriate controls and oversight and is used for major crime et al.
The recent relevant revelations are far more worrying. Without court orders, without oversight, by tapping cables, and using the loophole of international communications (i.e. anything that goes via the US is deemed to be 'international' and is therefore fair game) the vast majority of anyone's communication via the internet is searched, analysed and retained without (apparently) any secure controls.
GCHQ has already demonstrated both the willingness and capability to use MITM attacks to lift user credentials from the Belgian telco system/network engineers. Those are the very people that can pull up that data which is why they would be targeted in the first place. The US and the rest of the Five Eyes got included on the take. There's the problem. In addition, any datastore that is accessible remotely, sometimes even over an airgap if you can believe that, can and will be cracked by someone with an interest (or just for the lulz) in that data.
This is your problem. My government (US) doesn't respect anyone's privacy. Period. [Not that I had any privacy with them anyway. And no, I don't wear a tinfoil hat.]
I'm sure Politicians
Will vote out of the agreement much as they do with any others they don't agree with
Which is why it's not on the statute books in Germany
The law implementing the directive in Germany was struck down by the constitutional court for exactly this reason. Comically, the European Commission is required to undertake measures against Germany for not fulfilling the directive while at the same time agreeing that it is probably too draconian, and evidence is mounting up (Denmark has published studies as far as I know) that collecting all this data has done nothing to prevent terrorism but has increased costs for all involved.
I'm not against logging information that might be helpful solving crimes but:
- such data must be kept securely within the EU
- the period for keeping such information should be much shorter: a week or a month at most
- a warrant should be required to access the information
If there are sufficient grounds to suspect someone then it is easy enough to get a warrant which will allow the wiretapping / logging of an individual, as is practised in Italy.
Poor NSA. They were probably expecting a surveillance bonanza in EU with EU countries giving them data. Now it looks uncertain and might stop.
If there are sufficient grounds to suspect someone
Their counter argument would be it's this data that makes people suspects in the first place
A bit slow?
Pedro Cruz Villalón believes that the 2006 data retention directive "constitutes a serious interference with the fundamental right of citizens to privacy"
Yep - it was obvious in 2006, so why has it taken 7 years to realise that?
There's one rule for you
and none for us.
It is not a matter of whether you trust the $GOVT, it is whether it is even possible....
A little gift from the Tony Blair Home Office to the whole of the EU following the Madrid bombing
Curiously the Spanish did not want this in any case.
And would you like to guess which country most El Reg commentards live in pushed for their local version to be the whole 2 years?
But maybe just maybe, Europe will come out of the collective insanity that got this data fetishist's wet dream through in the first place?
I'm shocked, shocked to find that rights are being violated here!
Yeah, yeah, Louis. The Nazis have been violating our rights for years, but at the time, when everybody else in this joint expressed outrage at the nerve of it all, you said our rights didn't amount to a hill of beans. Not an easy day to forget. I remember every detail. The Nazis wore gray, you wore blue.
But now all of a sudden you're overcome with pity?
Say, this wouldn't have anything to do with Laszlo running off with that secret Nazi dossier, would it?