Archive | Data Retention

LEX Integrity

TorrentFreak reports on the Swedish ISP Bahnhof and the 5:th of July foundation fighting data retention in Sweden–with free VPN for customers. Link »

More information will follow here and elsewhere at the rollout, next Monday.

0

The Swedish data retention drama

Following the European Court of Justice (ECJ) verdict revoking the EU directive on data retention, the issue is developing into some sort of dark farce in Sweden.

While several other EU member states, the lawyers at the EU Council and the EU Data Protection Group have declared that this is the death of blanket data retention–the Swedish government (both the former center-right government and the new social democrat-green one) is keen to continue to store data about all citizen’s all phone calls, text messages, e-mails, net connections and mobile positions.

After the ECJ ruling the responsible Swedish government authority, Post- och Telestyrelsen (PTS) announced that it would not go after telecom companies and internet service providers who wished to end storing the data in question.

And no surprise, most of these companies did.

At the next step, the then Swedish Minister of Justice said that she believed Swedish data retention not to be in breach with European human rights–even though it is a rather direct implementation of the EU directive. This was soon echoed by the incoming social democratic government spokespersons.

So, the issue was sent to a (very small) commission headed by a former national police commissioner. To the surprise of nobody, he presented preliminary findings saying that all is fine with Swedish blanket data retention. (This despite the ECJ:s objections about the “blanket” part of it.)

Before you knew it, PTS changed its position. Totally. Now they declared that it would uphold the Swedish data retention laws and that operators and ISP:s must continue to store data on all citizen’s all telecommunications.

Some did. Others, like Tele 2 didn’t, but was ordered to and finally complied. And one, privacy orientated Bahnhof (Swedens first ISP) refused completely.

At this point Bahnhof and the 5:th of July Foundation took the whole thing to the European Commission, complaining that Sweden doesn’t follow the relevant ECJ ruling and the European Human Rights Charter (that is part of the EU treaties). But yet, there are no indications about what the Commission is going to do about it.

Bahnhof also requested access to the PTS first assessment of the issue, the one leading to no action being taken against those who don’t store this data. That request lead to PTS trying to re-classify the assessment in a way so that it will not be covered by Sweden’s generous freedom of information laws. (This was done in a rather dubious way.) That issue is now developing to a drama in it self.

And now, also Bahnhof has been ordered by PTS to resume data retention. With one difference from the order handed over to e.g. Tele 2: In the Bahnhof case the order is attached with a threat of a fine of some 550.000 euros (five million Swedish kronor).

I guess this is the way you get treated when you stand up against the government.

But Bahnhof is still defiant and its CEO Jon Karlung has promised to present a “plan B” to protect its customers privacy.

This story is to be continued.

/ HAX

3

Swedish ISP forcing EU Commission to act on data retention

As you can see from the blog post below, the EU Commission is avoiding the data retention dispute. The European Court of Justice has declared it illegal and in breach with human rights. This is being ignored by some EU member states–such as the UK and Sweden–who have no intention of ending blanket data retention.

But now the Commission will have to get on top of this controversy. Today Swedish ISP Bahnhof and the 5 July-foundation have filed a formal complaint, urging the Commission to take measures to end Swedish data retention.

This will take matters to a new level. The European Commission is obliged to uphold the EU treaties. And as the Charter of Fundamental Rights prohibits data retention (according to the ECJ)–there should be no alternative for the Commission, other than to act against member states not complying with this ban.

From the press release…

“We will fight in Swedish courts to the end but this is not about Bahnhof and our rights. It is about every citizen’s human rights. Bahnhof has always stood up for privacy of communications. We do not intend to retain traffic data about our customers and we are confident that we have the backing of the EU Charter and Court of Justice.”

Read the press release from Bahnhof and the 5 July-foundation here »

/ HAX

1

EU: Commission dodging data retention dispute

EU member states closely associated with US/NSA mass surveillance (such as the UK and Sweden) have made it clear that they have no plans to end mass retention of data about all citizens all tele- and data communications. (The scheme was introduced with the EU data retention directive*.)

This will put the EU Commission between a rock and a hard place.

The Commission is the guardian of the treaties. One integrated part of the EU treaties is the Charter of Fundamental Rights of the European Union. And the European Court of Justice has invalidated the EU directive on data retention–as it is in breach of human rights, according to the Charter.

So, what will the guardians of the treaties do?

For now, there has been nothing but silence from the Commission. Will it continue to dodge the issue, leaving the data retention issue to the member states?

The people in Berlaymont might want to. But I don’t think they can.

It ought to be irrelevant if the breach of the Charter is in an EU directive or in member states national legislation. The Charter trumps both.

This is the opinion of the lawyers at the European Council, the German secretary of justice, the Austrian supreme court and many others. The group of European data protection authorities–the Article 29 Data Protection Working Party–has given a statement along the same lines…

“…national data retention laws and practices should ensure that there is no bulk retention of all kinds of data and that, instead, data are subject to appropriate differentiation, limitation or exception.”

There you have it.

Blanket data retention is a big no-no.

Sooner or later, the European Commission will have to confront EU member states who persist in carrying out this form of mass surveillance.

/ HAX

* Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.

1