Originally published at The American Thinker.
The scandal over PRISM, the NSA’s alleged secret backdoor into some of the biggest services on the internet, shows little sign of dying down. But while PRISM’s data mining has been hidden away from the eyes of American citizens, over in Europe there is a mass surveillance program that’s been operating out in the open for the last eight years. The European Data Retention Directive forces all EU Internet Service Providers to log data on its users and store that data for up to two years after their subscription ends. Something similar could be heading to U.S. shores.
In March, the author of the Patriot Act James Sensenbrenner, who was quick to condemn PRISM, made his second attempt to push for ISP data retention laws, hoping to tack proposals onto the 1986 Electronic Communications Privacy Act. After questioning from journalists Sensenbrenner backed down. But with Obama’s Justice Department fully supporting data retention, this latest skirmish is just the start of a long war that could see ISPs legally forced to record details of every website you’ve ever visited. In this article we’ll take a look at what data retention is, the impact it’s had on privacy in Europe, and what you can do to protect yourself.
What is Data Retention?
Data retention is, essentially, when your ISP logs and stores the personal data attached to your IP address (unlike PRISM, which focuses on cloud-based internet services). The data an ISP typically stores includes web logs, which let them know exactly what websites you have visited and when you visited them. An ISP will also store email logs (though not the contents), if you’re using their email services — or let law enforcement know about which third-party email services you use. All of this data will be linked to your IP address, which in turn is linked to your physical address and can be used to identify you.
As I mentioned, mandatory data retention laws are already in place in certain parts of the world, but Europe has pioneered the practice. The 2006 European Data Retention Directive has been enacted in the vast majority of EU nations, but not without huge controversy. In fact, Germany — the EU’s biggest economy — is currently facing heavy fines because its own High Court court ruled the directive unconstitutional and a violation of citizens’ privacy rights.
The EU Catastrophe
he fears of German citizens are not theoretical either. The UK government has been one of the EU’s most enthusiastic supporters of data retention, as well as online surveillance in general, and its citizens have suffered because of it. In 2000 the UK enacted the Regulatory Investigatory Powers Act (RIPA), which allowed public bodies to carry out surveillance of citizens without a warrant. RIPA, combined with the Data Retention Directive, has had grave repercussions for the online privacy of UK citizens. Over 400 UK agencies and police forces are now able to access data from ISPs with no judicial oversight whatsoever. These agencies include everything from pension regulators, to agricultural agencies. In April 2008, a family from the UK county of Dorset were put under surveillance by their local council. The couple were not terrorism suspects, nor engaging in criminal activities. They were simply under suspicion for sending their children to a school outside the council’s catchment area.
The above case is not isolated. In 2009 alone there were over 1,700 requests made by UK agencies for ISP data on UK citizens which required a warrant. In the same year there were over 500,000 requests for data from agencies that did not require a warrant. The UK government now refuses to make public the number of information requests made by authorities and agencies, claiming it would undermine national security.
Global data retention
The EU’s data retention practices are catching on globally. In Australia, the current government is pushing hard for even longer periods of retention than Europe, with law Australian enforcement stating they’d prefer ISPs hold onto personal data indefinitely. As we saw with Congressman Sensenbrenner’s latest proposals, the U.S. won’t be immune to this global trend.Christopher Reynolds
About the Author: Christopher Reynolds is Head of Business Development for IVPN, an online privacy service for journalists and privacy-conscious individuals.
If you don't see your comment after publishing it, refresh the page.