Europol document confirms that the EU plans a "common EU law enforcement viewpoint on data retention"


A Europol document dated 10 April 2002 confirms that EU governments and law enforcement agencies are planning a:

"Proposal for common European Union law enforcement viewpoint on data retention"

The confidential document (Expert meeting on cyber crime: Data retention, full-text: pdf) is a detailed agenda for a meeting in the Europol HQ in the Hague entitled: "Expert meeting on cyber crime: Data Retention" and largely concerns a: "Closed session: discussion amongst experts from Law Enforcement". It confirms a previous Statewatch report, see: EU governments working on draft of a binding Framework Decision , that after the formal agreement on the retention of telecommunications data EU governments are planning to introduce a common policy across the EU (and one that will also be obligatory for applicant countries to implement too). It confirms too the long-standing commitment of the EU's law enforcement agencies (police, customs, immigration and internal security services) to get access to telecommunications data - the agenda sets out a Questionnaire sent out to EU states on 3 December 2001 for a:

"List of minimum and optional data to be retained by Service Providers and Telcos [telephone companies]"

The "data that must be retained by Internet Service Providers: Network Access Systems" includes: User-id and password, assigned IP address, number of bytes transmitted and received, and "Optional": Credit card number or bank account for subscription payments. For "E-mail Servers": IP address, message ID, sender, receiver, user ID. "File upload and download servers": ftp log, IP address, User-id and password and underlined: "Path and filename of data objects up loaded or downloaded". For "Web servers": IP source address, "Operation, ie. GET command", and the "path of the operation (to retrieve html page or image file" - this while information on e-mails is limited to traffic and location data for website usage all the details of web pages visited have to be kept.

The questionnaire also covers "Usenet" and "Internet Relay Chat". For normal phone lines telephone companies will have to keep the following information: numbers called (whether connected or not), date, time, length, plus name, date of birth, address and bank account of the subscriber and types of connection the user has eg: phone, ISDN,ADSL etc. For mobile and satellite users: much the same as for phone plus the "identification and geographical location" of the user - this latter factor means that for mobile phone users not just their usage is logged but also their "geographical location".

This document reflects the lengthy saga of laying down law enforcement "Requirements" for service and network providers developed by the FBI and adopted in secret by the Council on 17 January 1995. An attempt in 1998 to get through revised "Requirements" (known as "ENFOPOL 98") met fierce resistance from civil society and was withdraw. Another attempt in May 2001 (ENFOPOL 29" (which became ENFOPOL 55) was also not adopted because of fears of negative publicity and lack of parliamentary scrutiny. The Europol document however picks up all the main points in ENFOPOL 98 (1998) which later became ENFOPOL 55 (2001): See: Statewatch report: The mystery of the missing minutes

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error