European institutions

Until late summer 2001, the official policy of the 15 member-countries of the European Union (EU) about regulation of cyberspace dismissed any idea of systematic retention of Internet connection records and monitoring Internet activity. The 11 September attacks changed that. In mid-October, US President George W. Bush urged Belgian prime minister Guy Verhofstadt, who was EU president at the time, to get a proposed amendment to the Directive on Protection of Telecommunications Data and Information altered to require "preventive retention" of data on Internet activity (traffic logs) as a means to fight terrorism. Bush expressed support for the British government (which, like the French, has introduced such data retention) and various EU police officials calling for new powers to monitor phone and Internet activity more effectively. Bush told Verhofstadt the United States was against automatic deletion of Internet connection records, a principle that was upheld in the proposed amendment. This position clashed with that of the European Parliament's Citizens' Freedoms and Rights Committee, which in July 2001 had approved a preliminary report by Radical MEP Marco Cappato for strict supervision of police access to traffic logs retained by phone companies and ISPs. Surveillance forbidden The Cappato report said that if such practices were to be allowed, EU member-states should be obliged to act under "a specific law comprehensible to the general public." The measures would have to be "entirely exceptional, authorised by the judicial or competent authorities for individual cases and for a limited duration, appropriate, proportionate and necessary within a democratic society." They should also be in line with EU human rights rulings, which forbid all forms of "wide-scale general or exploratory electronic surveillance." But under intense pressure from the Council of the European Union (that groups all member-states) and despite energetic lobbying by many NGOs, Euro MPs approved the amended directive on 30 May 2002. Its article 15.1 obliges governments that do not yet have such legislation, to pass laws (within 15 months) to force ISPs and phone companies to retain all records of e-mails, Internet activity, faxes and phone calls that have passed through their hands and guarantee the police, the courts and some government bodies free access to it. A report by the Council of 15's legal department released on 15 October 2001 had said however that EU governments already had the necessary powers to intercept telecommunications to fight terrorism. Convention on Cybercrime The first International Convention on Cybercrime was opened for signature in November 2001 in Budapest. It details various procedures, such as searching computer networks and intercepting messages. The pact, which was four years in the making, comes into effect when ratified by at least five countries, three of them Council of Europe members. It has so far been signed by 34 countries, including the United States, Canada, Japan and South Africa, but only two (Albania and Croatia) have ratified it. The agreement was attacked by civil liberties campaigners, ISPs and cyberspace experts who called it anti-freedom, meddling and likely to encourage a new era of generalised surveillance. Especially criticised were its articles 19, 20 and 21, which give details of how to gather private Internet data and traffic logs and information of interest to security services for their investigations; gather records kept by ISPs; search websites and their ISPs and extend such searches to other computer networks if necessary; store the data seized; and if necessary gather in real-time records and traffic logs (with legal officials able to require ISPs to do this work themselves). "Generalised surveillance" of Europeans The situation may get even worse. The Danish presidency of the EU proposed a measure on 24 June 2001 that the Council of the European Union might adopt. It was called "information technology related measures concerning the investigation and prosecution of organised crime" and said that "in the near future, all member-states will need to have adopted suitable measures to oblige telephone companies and ISPs to retain all records of their traffic so security services can readily consult it in the course of their investigations." The proposal also aims to standardise the laws of all European countries, including those seeking to join the EU. LINKS: - The European Parliament - The Council of Europe