ISPs battle ‘draconian’ EU data directive

9 Dec 2005

Internet service providers (ISPs) across Europe are urging MEPs to revise the wording of a draft directive on the retention of internet and phone data for over three years, which is to be voted on in the European Parliament next week, has learned. They warn that the directive in its current wording assumes every EU citizen is a criminal and that it is technically unfeasible to implement.

In an open letter to MEPs the Internet Service Providers Association of Ireland (ISPAI) warned that the directive erodes the fundamental principles of privacy and freedom of communications of law-abiding EU citizens.

Telecoms and internet firms typically store data for up to six months for billing purposes. However, various European states engaged in the fight against terrorism are pressing for these firms to store the data for longer with suggested time frames ranging between 24 months to six years. Poland, for example, is pressing for the retention of data for 15 years.

On Friday 2 December EU interior and justice ministers agreed to a text of the directive to oblige fixed telephony, mobile telephony and ISPs to implement data retention for all customers’ communications. MEPs will vote on the directive on Tuesday 13 December.

The chief executive of the ISPAI, Paul Durrant, told that ISPs believe that the directive as applied to internet communications is disproportionate and firms have grave misgivings about its true technical effectiveness for the prevention, investigation, detection and prosecution of criminal offences, including terrorism.

In 2003, Irish Justice Minister Michael McDowell TD sparked a row with ISPs, telcos and civil liberties groups when it became known that he was proposing a Telecommunications Retention of Data Traffic Bill, otherwise known as the “Big Brother Bill” calling for the long-term logging and monitoring of phone calls, text messaging, faxes, emails and internet usage over a four-year period. At the time McDowell insisted the bill was only in draft form.

In the ISPAI’s open letter to MEPs, the organisation warned that the directive to be voted on next week demands a level of retention of all citizens internet communications data without any coherent justification and goes far beyond the practice existing in any developed economy. It warned that the directive forces increased ISP costs to meet data capture requirements, distorts the internet EU market for ISP hosting and e-commerce services, impairs EU e-commerce competitiveness with other developed nations and erodes the fundamental principles of privacy and freedom of communications of law-abiding EU citizens.

The ISPAI said it was concerned about: “The negative impact this will have on ISP and e-commerce business growth, especially in Ireland where the knowledge-based IT industry is key to continued economic success. The failure to recognise that only a fraction of possibilities for internet communications are covered by the proposals and that terrorists and criminals can easily circumvent these, but simultaneously, it provides opportunity for abuse of retained data belonging to law-abiding citizens and businesses.

“The ineffectiveness of the directive to achieve its stated aims to any greater degree than the prevailing situation where ISPs co-operate very effectively with law enforcement.”

The letter went on to say: “The current data retention proposals are technically flawed in supposing investigative benefit to the additional email data listed. In fact, the retention of such unimaginably large quantities of data may simply make the task of ‘finding the needle in a haystack’ enormously more difficult as the haystack is made hundreds, if not thousands, of times larger!”

Durrant said the wording of the directive is vague and unclear and not only is technically and financially unfeasible but lacks safeguards against misuse by persons or groups whether they represent state bodies, non-government organisations, businesses or those acting in an individual capacity. “This is being rushed through and there’s so much that MEPs don’t understand about this. The industry has always supported the police in their investigation. However, we believe that the data retention directive in its current wording is the wrong way to go and automatically assumes everybody is a criminal. There are more efficient ways such as data preservation when law officers have a warrant to investigate people suspected of involvement in a crime. Across Europe there has never been a single police force that has given an example of where data retention has actually helped them.

“There are better ways to do this. 99.9pc of Europe’s population are innocently going about their day’s work. Let’s focus instead on the people committing crimes and help the police forces of Europe to work smarter, not harder. Who knows better than the technology experts that built the networks — it is in our interests also that people aren’t abusing our networks or use them to commit crimes.”

The ISPAI has urged MEPs to vote against the acceptance of the directive “in its current wording” and redraft a text in consultation with industry that will truly harmonise effective ISP data capture and storage procedures as well as aid democratic law enforcement and state security.

By John Kennedy