EDRI has obtained secret documents in preparation of a Declaration against Terrorism that will be published during the Spring Summit of EU heads of state. The draft from the Irish presidency specifically mentions the need to prioritise mandatory data retention for GSM and internet providers. The Commission input for the Summit, issued a few days earlier, does not mention data retention, but proposes many other measures that will have a chilling effect on the daily lives of European citizens and their freedom to travel and communicate.
The desire for mandatory data retention was already expressed last week, on 19 March, during an emergency meeting of the EU's Justice and Home Affairs ministers in Brussels. Following a German initiative, the ministers discussed a catalogue of measures in the fight against terrorism. It does not come as a surprise that the hardcore law enforcement faction in the Council of Europe used the occasion to put several long-term projects in the spotlight.
Some of the bombs used in Madrid two weeks ago were detonated with modified mobile phones. This gave UK Home Secretary David Blunkett (the Minister of Internal Affairs) the opportunity to declare that it was necessary for providers to retain all traffic data from cell phones as well as from other forms of electronic communication. The UK delegation to the European Union and other surveillance hard-liners have been pushing this project for more than five years.
Anti-terrorism measures will be on top of the agenda of the EU Spring Summit, which will be held in Brussels on 25 and 26 March. EDRI has obtained confidential documents preparing a draft declaration on fighting terrorism for that meeting. The document from the Irish Presidency to the Council says: "The European Council, with a view to the further development of the legislative framework set out above, instructs the Council to examine measures in the following areas: proposals for establishing rules on the retention of communications traffic data by service providers; (...)", and: "Priority should be given to the proposals under the retention of communication traffic data (...) with a view to adoption by June 2005."
It is an open secret that law enforcement hawks started to draft a Framework Decision that would introduce mandatory retention of telecommunication data immediately after the directive on privacy and electronic communications (2002/58/EC) was passed in May 2002. The Directive contains a paragraph (Article 13) that explicitly allows retention of traffic data "when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system."
Like the Council, the Commission calls for a number of understandable anti-terrorism measures, such as a database of terrorists, better tracing of weapons and explosives and new procedures for banning organisations. Member states also want to establish an EU co-ordinator for the fight against terrorism, and link secret services up with each other and police forces. Some countries are in favour even of what has been referred to as an 'EU CIA', but at the moment, this idea doesn't seem to have any suppport from the large EU members such as the UK and France.
But the proposal from the Commission goes way beyond the immediate threat of terrorism and reads more like a general call for heavy electronic surveillance of all European citizens.
The Commission paper mentions the need to enhance the exchange of data in general, "including through enhanced access to data not produced for law enforcement purposes." The document does not specify the kind of databases that this measure refers to.
Another remarkable proposal from the Commission is to publish a proposal 'by the middle of 2004' to allow the use of European passenger data (PNR) for 'other law enforcement purposes'. The wording is identical to the very broad use the United States wish to make of PNR-data, in direct violation of EU privacy-legislation and as such strongly opposed by the European Parliament.
The Commission also suggests "(...) upgrading existing databases such as SIS II with new functionalities, as well as making full use of advanced technologies such as satellite enhanced (GALILEO) RFID (Radio Frequency Identification Device) tracking."
On the issue of biometric data in new EU passports, the Commission now wishes to add the fingerprint to the mandatory requirements. In previous plans this was just an option, on top of the requirement of an electronical facial image. The documents says: "(...)the possibility to adjust the pending Commission proposal on EU passports by making fingerprints mandatory and to extend it to Identity Cards and other travel documents."
Finally the Commission suggests a specific measure for mobile phones. Reprogramming should be criminalised and "measures should be taken so that the sale of replacement SIM cards does not impede the efficient actions of law enforcement authorities."
Documents Commission and Presidency preparing a draft Declaration (19-22.03.2004)
http://www.edri.org/?id=000100000141
Irish presidency press release JHA-council (19.03.2004)
http://www.ue2004.ie/templates/news.asp?sNavlocator=66&list_id=438
Statewatch on EU Emergency Justice and Home Affairs Council (March 2004)
http://www.statewatch.org/news/2004/mar/16jha-prel-19March.htm
Agenda EU Spring Summit 25-26 March 2004
http://europa.eu.int/comm/councils/bx20040325/index_en.htm
Press release European Commission on counter terrorism efforts (12.03.2004)
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&am...
(Contribution by Andreas Dietl, EDRI EU affairs director)