Democracy, freedom and the internet: how digital technologies empower or undermine civil liberties. Statement of Maurice Wessling

(www.radicalparty.org) DOCUMENTS ON: INTERNET / DOC.TYPE: SPEECHES (EP)

10/07/2002 | Democracy, freedom and the internet: how digital technologies empower or undermine civil liberties. Statement of Maurice Wessling

Introduction to European Digital Rights

In June 10 organisations from 7 EU countries that are concerned with civil liberties in the digital world have joined forces and have founded European Digital Rights. The aim of EDRi is to defend civil rights in Europe in the age of information- and communication technology.
The need for cooperation among European organizations is increasing as more regulation for the internet, privacy and interception is originating from the European Union. Especially since 11 September the pace in which civil rights threatening regulation has been passed demands unified action from civil rights defenders. Some examples of regulations and developments that have the attention of European Digital Rights are data retention requirements, telecommunications interception, the cyber-crime treaty, initiatives for rating and filtering of internet content, notice and takedown procedures of websites and fair use restrictions.

Designing Big Brother: data retention in the Netherlands

Interception

Any new regulation on data retention in the Netherlands has to be seen against the background of the existing legal framework and statistics of the interception of telecommunications. Police forces, the prosecutors and judges in the Netherlands have developed a practice in which the interception of telecommunications has become the core of the investigative process. According to a 1996 report by the Ministry of Justice's research centre in 1993 and 1994, 3600 and 3300 telephone lines were wiretapped by the police. According to the same report these statistics are considerably higher (in absolute figures) then those in the USA or the UK. From statistics over 1998 it becomes clear that the numbers of intercepts has been exploding in the Netherlands to 10.000 wiretaps a year of which 7000 were mobile phones.
Internet intercepts are just beginning but they will have a huge impact on these figures. The 1998 Telecommunications Act demanded internet service providers to have their technical infrastructure ready for the tapping of internet traffic by police and intelligence organisations. Recently complicated technical and organisational problems have been solved and full internet taps and more limited email taps are being conducted at all large ISPs in the Netherlands.
Wiretaps (either normal telephony, GSM or internet) can be ordered by a prosecutor with approval of an investigative judge under the Code of Criminal Procedure for crimes that have a maximum four-year punishment. This article enables wiretap warrants for four-week periods which can be repeated infinitive.

Traffic data

The Telecommunications Act sets a general rule that specified traffic data has to be kept for three months by the telecommunication providers. There has been a lot of confusion about this part of the Act because a separate decree should order which traffic data is subject to this obligation. Until now there has still been no specification and therefore also no obligation to do so. The minister of justice has announced however that a decree is in the works that will order the preservation of traffic data of pre-paid mobile phones for the mentioned three-month period.
In practice it seems that the hurdle for police to obtain data lies elsewhere. Instead of using existing powers and defining what data should be stored it seems that the government is focusing on widening the legal possibilities to seize traffic data from telecommunication companies. The main goal seems to be to remove the judge out of the process of issuing warrants and delegating that power to a lower level such as a prosecutor. It also seems that telecommunication companies already store so much data for billing and fraud detection purposes that most data retention needs of the police are fulfilled already.

Subscriber data

In order to obtain the subscriber data (name, address) of the customers of telephone and GSM providers an extensive and complicated infrastructure has been set up. All databases with subscriber information of telephone companies have been linked up to a central desk operated by the ministry of justice. This system makes it possible to query the databases without the telephone company knowing which information has been requested and when.

Police access to stored data

A central question regarding the privacy and civil rights of citizens is which safeguards against abuse and non-proportional use are in place. In the Netherlands existing safeguards will be removed.
In 2001 the Dutch government set up an advisory committee to design a new legal framework for the access to stored data by police. The scope of this revision is very wide and applies to data stored by telecommunication companies, banks, credit card companies, hotels, car rentals and any company that sells goods or services to third parties. The advice by the committee was to simplify access to this data by lowering the general safeguards. Access to telecommunications traffic data could be granted by a prosecutor instead of a court. And access to name and address information should be available for individual police officers without any higher level permission. The proposal introduces also data mining on existing stored data though a court order.

Who watches the watchmen?

Most worrisome in all these developments is the absence of oversight, control and transparency.
The Netherlands has no commissioner or oversight body that reviews and evaluates telecommunications interception. As a result no official statistics or yearly report with failures and mistakes is submitted to parliament. General statistics are even regarded as secret although no official and legal classification is applied.
Future legal changes will worsen the situation. The proposed law on access to stored data by police will remove or lower existing safeguards and puts nothing back in place. Not even the most minimal obligation to report yearly on developments and procedures.
Recently it has become clear in several court cases that this lack of oversight on the interception of telecommunication may even become counter-productive and will undermine the strength of the produced evidence. For years police have been intercepting, storing and using phone calls between suspects and their lawyers against the legal requirement to immediately destroy such content in order to protect the lawyer-client confidentiality.
It has also become public that the ministry of justice has not developed any technical standard or audit to evaluate the inner workings or the reliability of the interception equipment is has been using. Such audits were regarded as too expensive. This has lead to a situation where any intercept used as evidence could be challenged in court, this is already happening.

Conclusion

In a country where interception is the core of the investigative process, data retention will be used on a very large scale. The lack of oversight and the inability and unwillingness to create any meaningful transparency and audit will cause the use of data retention to spin out of control and little is going to be done to prevent abuse.
Any legal framework, national law or EU, on the interception of communication (traffic data or content) should least provide oversight and transparency. If not it is inadequate and dangerous law making.

OTHER LANGUAGES