Archive | Data Retention

European Court of Justice rejects data retention. Again.

Techcrunch:

The highest court in Europe today ruled that “general and indiscriminate” data retention directives contravene European Union law — dealing a significant blow to governments and organizations who have been pushing for stronger surveillance and data collection, and giving a boost to privacy advocates in the process.

ECJ press release (PDF) »

• Ars Technica: Investigatory Powers law setback: Blanket data slurp is illegal—top EU court »
• Techcrunch: EU court rejects data retention law, throwing cold water on UK’s ‘Snooper’s Charter’ »


ECJ Advocate General on data retention: Strict conditions must apply

Data retention (collection of data about everybody’s phone calls, text messages, e-mails, internet connections and mobile positions) may only be used to combat serious crimes – and only if there are no other options (such as using surveillance only against people who are actually suspected of criminal activities).

This is the essence of the recommendation by the European Court of Justice's Advocate General in some ongoing cases about data retention.

From the press release (PDF):

The Advocate General is of the opinion that a general obligation to retain data may be compatible with EU law. The action by Member States against the possibility of imposing such an obligation is, however, subject to satisfying strict requirements. It is for the national courts to determine, in the light of all the relevant characteristics of the national regimes, whether those requirements are satisfied.

First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.

Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.

Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.

Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights.

Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland (5) as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.

Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime.

Here it is important to remember that the ECJ revoked the EU Data Retention Directive – the document that all member states' data retention is built upon – in the spring of 2014, because it violates fundamental human rights, such as the right to privacy. So it is hardly possible to stick to any direct adaptations of the fallen directive.

One thing that seems to be clear is that data retention cannot be used to investigate minor crimes (e.g. illegal file sharing). And it cannot be used for non-criminal proceedings (e.g. by local councils and tax authorities). The infringement of privacy is massive with data retention. It must be in proportion to the seriousness of the suspected crime.

Point four (“which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights”) is also interesting. Of course, there are other measures – like only using surveillance against people suspected of criminal activities, instead of the entire population.

Later this fall the ECJ will give its final verdict. But it usually follows the Advocate General's recommendations.

Links:
• ECJ press release (PDF) »
• The Advocate General's recommendation, full text »
• EDRi – European Court confirms: Strict safeguards essential for data retention »
• Falkvinge – European Supreme Court says “Maybe” to mass surveillance of innocents »


UK spies cannot handle all the data

“British spies may have put lives at risk because their surveillance systems were sweeping up more data than could be analyzed, leading them to miss clues to possible security threats” according to documents in the Snowden files, now published by The Intercept.

A common analogy when it comes to mass surveillance is “trying to find a needle in a haystack”. Thus, having a bigger haystack might make it harder to find the needle.

Sure enough. The Intercept writes…

Silkie Carlo, a policy officer at the London-based human rights group Liberty, told The Intercept that the details contained in the secret report highlighted the need for a comprehensive independent review of the proposed new surveillance powers.

“Intelligence whistleblowers have warned that the agencies are drowning in data — and now we have it confirmed from the heart of the U.K. government,” Carlo said. “If our agencies have risked missing ‘life-saving intelligence’ by collecting ‘significantly’ more data than they can analyze, how can they justify casting the net yet wider in the toxic Investigatory Powers Bill?”

The British government’s Home Office, which handles media requests related to MI5, declined to comment for this story.

And this is not just a general opinion. There are figures.

A top-secret 2009 study found that, in one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities.

The authors of the study were alarmed because PRESTON was supposedly focused on known suspects, and yet most of the communications it was monitoring appeared to be getting ignored — meaning crucial intelligence could have been missed.

“Only a small proportion of the Preston Traffic is viewed,” they noted. “This is of concern as the collection is all warranted.”

Then, there is mission creep…

Carlo, the policy analyst with Liberty, said the revelations about MILKWHITE suggested members of Parliament had been misled about how so-called bulk data is handled. “While MPs have been told that bulk powers have been used only by the intelligence community, it now appears it has been ‘business as usual’ for the tax man to access mass internet data for years,” she said.

We told you this would happen.

/ HAX

Links:
• The Intercept: Facing data deluge, secret U.K. spying report warned of intelligence failure »
• Supporting document: Digint Narrative »
• Supporting document: Digint Imbalance »
• BoingBoing: MI5 warning: we’re gathering more than we can analyse, and will miss terrorist attacks »


What the Police really wants to know

For the first time, an ISP publishes statistics of what crimes the Police are investigating when requesting the release of internet subscriber identities. The so-called Data Retention, which is a governmental requirement to store data about everybody’s communications in order to use it against them in the future, was originally justified as necessary for fighting organized crime and terrorism – but is now being used against ordinary sharing of music and movies, according to the ISP.

“We want to publish these statistics in order to show the Police are violating people’s privacy and spending resources on pointless trifles”, says Jon Karlung, CEO of Bahnhof.

Falkvinge: For first time, an ISP reveals why Police demand internet subscriber identities: ordinary file sharing is the most investigated “crime” »


The Closing of the Net

Monica Horten's new book The Closing of the Net is now available.

In a mail to colleagues, fans and friends she writes…

I am delighted to announce that my new book “The Closing of the Net” has been released.

“The Closing of the Net” discusses how political decisions are influencing the future direction of Internet communication. As the interests of powerful businesses are manipulating governments and policymakers, and become more embedded in the online world, so these corporations seek greater exemption from liability. The book confronts the deepening cooperation between large companies and the state. Political manoeuvrings, it argues, suggest that the original vision of a free and democratic Internet is rapidly being eclipsed by a closed, market-led, heavily monitored online ecosystem. “The Closing of the Net” tackles the controversies surrounding individual rights today, addressing policy agendas such as net neutrality, copyright and privacy. It includes research that I have not previously published on topics including Megaupload, the EU Data Retention Directive, UK copyright lawsuits, and more.

“The Closing of the Net” is published by Polity Press http://tinyurl.com/zhqz5j6 and is available from Amazon http://amzn.to/1S6zxJ7 It has been described as “thriller-esque”! I do hope you enjoy it.

Monica Horten gave us a lot of important input about the Telecoms Package and other net oriented dossiers when I worked with the Pirate Party in the European Parliament.


What to learn from the Abdeslam fiasco

Surveillance should only be directed against people who are suspected of having committed (or of being about to commit) serious crimes.

Mass surveillance – of everyone – only creates a bigger haystack, more false positives, and hampers police and intelligence authorities in their efforts to identify real threats.

Take the Abdeslam brothers in the Paris attacks as an example…

Both were known to Belgian authorities; both were suspected of preparing “an irreversible act”. For years.

This is a case of sloppiness, lacking resources and being Belgian.

Belgium might be a dysfunctional mess, but the problem is the same in other countries. The more mass surveillance data, the more police officers gazing at computer screens – the less security and safety.

Authorities all over would need to get serious, pretty quickly. There is no room for public sector inefficiency when it comes to fighting terrorism. There is no room for incompetence and idleness.

And there are no (valid and publicly acceptable) reasons to replace human intelligence with mass surveillance of the entire population.

The Americans might do it. The Russians and Chinese also do it, for sure. But that is no reason that Europe should. This is exactly what makes our liberal democracy so special. In Europe, we trust ordinary and law-abiding people enough to keep out of their private lives.

The Paris attacks were very real, sad and terrifying. The Abdeslam brothers are very real terrorists. This reality underlines that we need other methods to protect us from danger rather than mass surveillance and data retention. We need wise and competent people, knowing what they are doing. If there are any.

/ HAX

• Link: Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ »


The haystack dilemma

Binney said that an analyst today can run one simple query across the NSA’s various databases, only to become immediately overloaded with information. With about four billion people — around two-thirds of the world’s population — under the NSA and partner agencies’ watchful eyes, according to his estimates, there is too much data being collected.

“That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,” said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.

ZDNet: NSA is so overwhelmed with data, it’s no longer effective, says whistleblower »


Next step in EU court case on Data Retention will be July 19

Very little has been known or reported from yesterday’s hearing on data retention in the European Court of Justice (ECJ).

The hearing was conducted as a part of British and Swedish cases – arguing that data retention in the respective countries should end, as a consequence of the ECJ ruling in 2014 overthrowing the EU Data Retention Directive.

As data retention is found to be in breach of human rights on an EU level, the same should apply on a national level – the argument goes.

I will try to find out more about yesterday’s hearing. And if you find any links, please post them in the comments to this blog post.

The next step in this affair is said to be the Advocate General's recommendation to the court – to be delivered July 19. (Normally the ECJ will follow this recommendation. But the process is slow, taking several months more.)

/ HAX


European court to consider legality of UK surveillance laws

“Blanket retention of communications data, without suspicion, creates a honeypot of information for criminals and hackers, and this case will have implications for personal privacy and the security of individual personal data.”

The Guardian: European court to consider legality of UK surveillance laws »

Update, also see:
The Guardian: MP calls for limit on UK surveillance powers as EU test case opens »


Fierce legal battle over data retention in Sweden

There is a rather interesting legal battle concerning data retention going on in Sweden. The parties are the ISP Bahnhof and the government oversight authority Post- & Telestyrelsen (PTS).

Two years ago, to the day, the European Court of Justice (ECJ) invalidated the EU data retention directive — stating that it is in violation of human rights, especially the right to privacy.

However, in Sweden data retention continues — under a cross-party political consensus. This is to be tried in the ECJ, but is still an open issue.

Meanwhile, Swedish police (and other authorities) are using data retention to demand information about Internet users and their activities from the ISPs.

Referring to the ECJ verdict, the ISP Bahnhof has refused to share information about minor crimes with the police. After all, data retention was supposed to be about terrorism and other serious criminal activities.

To share information from data retention, Bahnhof requires that the police confirm that it will only be used for investigating serious crimes according to relevant Swedish legal definitions. And Bahnhof demands this information from the police in writing.

The police are not happy about this. Not at all. So they have asked PTS to investigate what can be done. This led to PTS slamming Bahnhof with a penalty of five million Swedish kronor (some 550,000 euros) if it does not comply.

Now, we shall remember that there still is an open case about Swedish data retention in the ECJ. Also, a Swedish administrative court has asked the ECJ for guidance when it comes to the Bahnhof case.

This has led Bahnhof to ask the Stockholm lower administrative court (Förvaltningsrätten) for inhibition of the PTS decision concerning the fines mentioned above.

Now, this court has granted Bahnhof inhibition — until it has reached a final verdict after careful investigation in the wider context of data retention. However, PTS still can appeal against the inhibition. If so, the case will move up the three-tier Swedish administrative court system.

The bottom line is that a relatively small ISP — backed up by the first ECJ ruling — is prepared to take a fight against the government on data retention. And that the Swedish government is trying to circumvent the ECJ verdict, to maintain mass surveillance.

This is a story to be continued.

/ HAX

Disclaimer: The 5th of July Foundation, running this blog, is the VPN provider for Bahnhof (and others). Bahnhof's lawyer is also a member of the board of the 5th of July Foundation.
