Friday, September 10, 2004

FFII are concerned that the EU Council may rubber stamp the software patents directive at their meeting later this month.
I've been really busy and Blogger's been playing up in recent weeks. Hence the current sparsity of postings. But you should be staying tuned to Copyfight, EDRi and all the usual suspects.

Privacy International and EDRi have today released their response to the EU consultation on communications data retention. Needless to say it is intensely critical of the proposals. There's a salutory quote included from the European Court on Human Rights

"The distinguishing feature of a blanket data retention requirement is the absence of any reasonable relationship between the intrusion on individual privacy rights and the law enforcement objectives served."

The full report is worth a read. The executive summary follows:

"The following report is a response to the European Commission's Directorate Generals on the Information Society and on Justice and Home Affairs call for comments on a proposed retention regime across Europe. We welcome the intervention of the Commission in this process that has to date been led by some Member States, and previously conducted in a closed manner. We hope that the Commission will re-invigorate this debate, and provide some deliberation on this pressing issue before it is too late.

In this response we argue that any regime for the indiscriminate retention of personal data is hazardous. At a time like this, the European Union should be fulfilling its role to uphold the rights of individuals, as technologies become more invasive, and as laws are increasingly reluctant to protect individual rights. Data retention is an invasive and illegal practice with illusory benefits. And to date, the paths to data retention in Europe have involved illegitimate policy processes.

The retention of personal data resulting from communications, or of traffic data, is necessarily an invasive act. With the progress of technology, this data is well beyond being simple logs of who we've called and when we called them. Traffic data can now be used to create a map of human associations and more importantly, a map of human activity and intention. It is beyond our understanding as to why the EU Presidency and some select EU Member States insist on increasing the surveillance of traffic data even as this data becomes more and more sensitive, concomitant to a decreasing regard for civil liberties.

Claims that the retention of this information is necessary for investigations are not entirely accurate. Security gained from retention may be illusory. It is likely that traffic data that is associated to one individual may actually be linked to activity taken by another, or by a process that is unrelated to the activities of that user. The linking of one individual to a set of actions through checking logs is a tenuous link at best. In an investigation of 'who' visited a website with controversial content, even if the logs are well maintained, there is little certainty that they will lead back to the individuals who are being sought. We may be attributing actions and intentions to innocent individuals instead, which is also an invasion of privacy.

Retention is illegal. Article 8 of the European Convention on Human Rights protects the right to a private life. The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. Retention would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society.

The process through which EU Member States are attempting to establish retention is illegitimate. Some believe that the mandate for retention was established through Directive 2002/58/EC on Privacy and Electronic Communications. In fact this Directive was passed under problematic circumstances, as were many of the national laws on data retention. Many of these laws were passed in response to terrorism, only for legislators to be shocked to discover that data retention has little to do with investigating terrorism and is more commonly used for common investigations and surveillance. We agree that the policy situation across the EU right now is quite fragmented with some countries with retention and others without. This is because some countries concealed the policy under the guise of terrorism. Others pursued this policy under the veils of silence and ignorance to its ramifications. Some Parliaments have actively rejected the policy. If the Commission calls for the adoption of data retention due to concerns regarding the single market and harmonisation, it will be rewarding these undemocratic actions of some member states whilst ignoring the democratic responses of others.

The process through which the EU is insisting on ensuring that all countries weaken privacy protections to support generalised surveillance is contrary to the principles of an open society."


Wednesday, September 08, 2004

An alledged Australian software pirate, Hew Raymond Griffith, has been extradited to the US.

Meanwhile, according to CNN,

"The U.S. Department of Justice has asked an appellate court to keep its arguments secret for a case in which privacy advocate John Gilmore is challenging federal requirements to show identification before boarding an airplane."

Sunday, September 05, 2004

Have a look at a new blog - Copyfutures and Ernest Miller's new law and IT conversations at the Importance of...