6 December 2005

To all Members of the European Parliament

We the undersigned are calling on you to reject the 'Directive of the European Parliament and the Council on the Retention of Data Processed in Connection with the Provision of Public Electronic Communication Services and Amending Directive 2002/58/EC' when it comes to a plenary vote on December 12, 2005.

Adopting this Directive would cause an irreversible shift in civil liberties within the European Union. It will adversely affect consumer rights throughout Europe. And it will generate an unprecedented obstacle to the global competitiveness of European industry.

A Directive Fraught with Problems

In the Information Society every human action generates transaction logs. Our movements, our purchases, and our interactions with others can be routinely logged in public and private sector databases. In recognition of this, the European Union led the world in establishing a data privacy regime to limit the collection, processing, retention, and accessing of this information. Now the Council is demanding that the European Parliament reverse its position and lead the world in introducing mass surveillance of our activities.

Under existing EU law many of these logs are already available for law enforcement purposes for as long as the telecom industry service providers retain them for business purposes. Justice and Home Affairs officials are pushing to make available even greater stores of information.

The Directive proposes the collection of information on everybody's communications and movements. The storage of such "communications traffic data" allows whoever has access to it to establish who has electronically communicated with whom and at what time and at which location, over months and years.

In recent meetings with the Justice and Home Affairs Council on 1 and 2 December 2005, it appears that the European Parliament suddenly agreed to the collection of information on everybody's communications and movements for very broad law enforcement purposes, in spite of having rejected this policy twice before.

We call on the Members of the European Parliament to reject this policy for the following reasons.

1. This Directive invades the privacy of all Europeans. The Directive calls for the indiscriminate collection and retention of data on a wide range of Europeans' activities. Never has a policy been introduced that mandates the mass storage of information for the mere eventuality that it may be of interest to the State at some point in the future.

2. The proposed Directive is illegal. It contravenes the European Convention on Human Rights by proposing the indiscriminate and disproportionate recording of sensitive personal information. Political, legal, medical, religious and press communications would be logged, exposing such information to use and abuse.

3. The Directive threatens consumer confidence. More than 58,000 Europeans have already signed a petition opposing the Directive. A German poll revealed that 78% of citizens were opposed to a retention policy. The Directive will have a chilling effect on communications activity as consumers may avoid participating in entirely legal transactions for fear that this will be logged for years.

4. The Directive burdens EU industry and harms global competitiveness. Retention of all this data creates additional costs of hundreds of millions of Euros every year. These burdens are placed on EU industry alone. The U.S., Canada and the Council of Europe have already rejected retention.

5. The Directive requires more invasive laws. Once adopted, this Directive will prove not to be the ultimate solution against serious crimes. There will be calls for additional draconian measures including:

• the prior identification of all those who communicate, thus requiring ID cards at cybercafes, public telephone booths, wireless hotspots, and identification of all pre-paid clients;
• the banning of all international communications services such as webmail (e.g. Hotmail and Gmail) and blocking the use of non-EU internet service providers and advanced corporate services.

An Illegitimate Process

Proponents of retention policy are sweeping these concerns aside and are harmonising measures to increase surveillance while failing to harmonise safeguards against abuse. European opposition has been high, and the arguments against reasoned and justified. The continued life of this policy in Europe is inexplicable save for the illegitimate policy process that is being pursued by the policy's proponents.

These proponents claim that retention is spreading across Europe. In fact, less than five countries have some form of mandatory data retention in place, and even fewer apply the practice to internet services.

The Council is demanding that the European Parliament approve a regime that parliaments in the Member States have already rejected. For instance the UK Presidency is proposing a policy that has already failed in the UK Parliament. The Council is trying to make the Parliament complicit in this act of policy laundering.

A Key Moment

As the EU embarks on this unprecedented policy, we are facing a momentous decision as to whether we wish to set in motion a chain of events that will lead to a surveillance society.

Once a surveillance regime begins it always expands. As the European Data Protection Supervisor has stated in his opinion, the mere existence of data might lead to increased demands for access and use by industry, law enforcement authorities, and intelligence services. Already, restrictions agreed on in the Committee for Civil Liberties were pushed aside in secret negotiations with the Council.

Though the Council claims retention will combat terrorism, for years it has rejected limiting the legislation to such investigations. Even if access to this data were limited by the Parliament to a list of serious crimes nothing prevents the expansion of this list: already the Copyright Industry has called for access to this data to combat file-sharing online.

Any reimbursement of costs to service providers, like most other surveillance cost-recovery experiments, will likely be temporary. Eventually the costs and burdens generated by this policy will be seen as 'the cost of doing business' and will be passed on to individual consumers as 'the cost of communicating in Europe'.

The only way we can prevent this chain of events is by following the example of other countries around the world and rejecting this policy in its entirety.

Promises are Not Enough

The European Data Protection Supervisor and the Article 29 Working Party of European Privacy Commissioners, as well as the European Parliament itself, have repeatedly stated their convictions that the case for retention has not been made. And their calls for standards and necessary safeguards have gone unheeded. The concerns of civil society and the telecommunications industry have also not been adequately addressed.

This policy continues only due to secret processes, agreements established without scrutiny, and through fast-tracking of debate because the Council fears open and democratic discussion on these matters. This is evidenced by the lack of similar policies in Member States where Parliamentary scrutiny is constitutionally required.

The EU should follow the example of open and democratic countries that have instead chosen to implement a preservation regime where data is collected and retained only for a specific investigation and then is accessed through court orders.

We, the undersigned, call on Members of the European Parliament to recognise the significant threat to European civil liberties, consumers, and industry and to therefore reject the Directive on communications data retention.

Gus Hosein, Privacy International and Sjoera Nas, EDRI

Privacy International
European Digital Rights
Foundation for a Free Information Infrastructure
Statewatch

Associação Nacional para o Software Livre (PT)
Association for Progressive Communications (International)
Attac AG Wissensallmende (DE)
Bits of Freedom (NL)
BlueLink Information Network (BG)
Bürgerrechte & Polizei/CILIP (DE)
Bulgarian Institute for Legal Development (BG)
CPSR- Canada and ES
Coopération-Solidarité-Développement (FR)
Deutsche Vereinigung für Datenschutz e.V. (DE)
Digital Rights Denmark (DK)
Digital Rights Ireland (IE)
Changenet.sk (SK)
Chaos Computer Club (DE)
Communication Rights in the Information Society (EU)
Consumentenbond (NL)
Consumer Project on Technology (US)
EDRI-observer Aljaz Marn, privacyblog.net (SL)
Electronic Frontier Foundation (US)
Electronic Frontier Finland (FI)
Electronic Privacy Information Center (US)
Emancipation syndicale et pédagogique RP (FR)
European Federation of Older Persons (EU)
Fairfax County Privacy Council (US)
Fédération Informatique et Libertés (FR)
Federation of German Consumer Organisations (DE)
Federation of Library and Information organisations (NL)
Fitug e.V. (DE)
FoeBuD e.V. (DE)
Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e.V. (DE)
Foundation for Information Policy Research (UK)
Foundation Metamorphosis (MK)
Fundacio Escula Latinoamericana de Redes (Venezuela and IT)
GreenNet (UK)
Gustav Heinemann-Initiative (DE)
Helsinki Foundation for Human Rights (PL)
Humanistische Union (DE)
Institute of Network Cultures, Amsterdam (NL)
Internet Society Bulgaria (BG)
Internet Society Poland (PL)
IP Justice (US)
IRIS - Imaginons un réseau Internet solidaire (FR)
ISPO, Internet Service Providers Association (NL)
Iuridicum Remedium (CZ)
Joint Declaration on Data Retention (DE)
Ligue ODEBI (FR)
Liberty (UK)
Netzwerk Neue Medien e.V. (DE)
Öko-Referat, Ruhr-Universität Bochum (DE)
Open Rights Group (UK)
OpenSky (CH)
Option consommateurs (Canada)
Pangea.org (ES)
Peacelink (IT)
Privacy Activism (US)
Privacy Commissioner for Brandenburg, Dagmar Hartge (DE)
Privacy Commissioner for Berlin, Dr. Alexander Dix (DE)
Privacy Commissioner of the Free and Hanseatic City of Hamburg, Hartmut Lubomierski (DE)
Privacy Commissioner for Mecklenburg-Vorpommern, Karsten Neumann (DE)
Privacy Commissioner for Niedersachsen, Burckhard Nedden (DE)
Privacy Commissioner for Schleswig-Holstein, Dr. Thilo Weichert (DE)
Privacy Rights Clearinghouse (US)
PROSA - Forbundet af It-profesionelle (DK)
Public Interest Advocacy Centre (Canada)
quintessenz (AT)
Stand (UK)
Stichting Vrijschrift (NL)
Stop1984 (DE)
Strawberrynet Foundation (RO)
Swiss Internet User Group (CH)
Syndicat de la magistrature (FR)
ver.di Fachgruppenvorstand Banken (DE)
VIBE!AT (AT)
The Winston Smith Project (IT)
Transnational Radical Party
XS4ALL (NL)
Xtended Internet (NL)
Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein (DE)
Unimondo Italy (IT)
Vereniging van Openbare Bibliotheken, Netherlands Public Library Association (NL)
Zöld Pók Alapítvány (HU)