By Annalee Newitz
ON DEC. 15, the European Parliament voted yes on a directive that will let police spy randomly on the citizens of the EU's 25 member countries. What's really sneaky is that the directive, often called the Directive on Data Retention, doesn't create new forms of surveillance. In fact, there's nothing in the directive at all about special snooping powers.
This might seem surprising to people who live in the United States, where the president has recently been roasted for bending the rules on wiretaps. The EU directive manages to do something far more catastrophic than granting extra wiretaps.
Instead, it lays the groundwork for a more effective surveillance state by mandating that communications companieslike cell-phone and Internet providerssave information about everything their customers do on their mobile phones or online. This information must be retained for at least six months, but some countries are taking the directive much further: Poland will be keeping the data for 15 years.
Why get a wiretap order when you can just data-mine the hell out of everybody? So everything EU citizens say to each other via cell or email will be saved for possibly years on end.
The European Commission, the EU's executive body, proposed this directive explicitly for law enforcement purposes, after being pressured by anti-terrorist agencies and entertainment-industry groups who want to stop file sharers.
With a new wealth of communications data, law enforcement can go on fishing expeditions for suspects of all descriptionsthe directive places absolutely no limits on the kinds of crimes that can be investigated with this storehouse of personal data.
Who doesn't love the idea of catching a copyright infringer and a potential terrorist in one fell swoop, using nothing more than a computer terminal? It's like armchair authoritarianism. Supposedly, the privacy of Europeans will be protected because the directive does not require companies to save the content of what people are sayingonly whom they talked with, as well as when and where they did it. So if I'm in England, and I call some guy in Germany, my cell provider keeps a record that says I talked to Grosse Eier from London at 2:45pm, but it has no idea what we said to each other. But if Eier happens to be convicted of a computer crime, the mere fact that I spoke to him could be used as evidence to search my own computersor my house.
As if that weren't creepy enough, it's very hard to separate content from other stuff when you're online. When you're online in Europe, your local ISP will probably keep a record of "where you go" by saving the addresses of the URLs you visit.
But a URL can obviously reveal a lot about the content of what you're doing. When you do a Google search, for instance, your search terms will appear in the URL that presents the search results to you. So the ISP won't just see that you're visiting Googleit will also see that you visited Google to learn more about "subversive Polish political propaganda." Think the Polish authorities are going to look kindly on that when they find it in 10 years? No, I don't think so either.
For the past year, groups like European Digital Rights (EDRi) and Privacy International have been campaigning like crazed robots to stop the European Parliament from passing the Directive on Data Retention. They lobbied; they petitioned; they appealed to reason. EDRi even pointed out that the directive isn't just bad policyit's bad economics. Every ISP and mobile-phone service will now be forced to build facilities that can hold years of communications data for millions of people. But the majority of parliament voted yes anyway.
EU member countries will begin implementing the first pan-national experiment in total communications logging over the next couple of years. Soon, it will be impossible to go online or make a cell-phone call anywhere in Europe without leaving a very detailed trail behind you. What's amusing and sad about all this is that citizens of the United States willingly gave up their right to online privacy long ago, without any fight at all. Everyone who stores their email on Google or Yahoo! or Hotmail is creating the same kind of data reserve that the European Parliament created with the Directive on Data Retention.
Maybe the EU should learn something from all those Americans happily building a surveillance gold mine without any inducement other than free email. Why pass laws when you can just work with Google?
Annalee Newitz (firstname.lastname@example.org) is a surly media nerd who can't wait to watch the market for non-European ISPs go crazy.
Send a letter to the editor about this story.