
Immediately after the London attacks on 7 July 2005, the National High Tech Crime Unit sent an e-mail to the UK provider association and to the London Internet Exchange asking for voluntary help in preserving not only telephone and internet traffic data, but also the contents of e-mails, voice-mails and SMS. Some technicians outside of the UK responded in outrage, comparing the request to asking the Postal Services to photocopy all post and pointing out the technical impossibility of storing tens of millions of e-mails a day.
But the UK ISP world remained extremely silent. Now it turns out the preservation was voluntarily offered by UK ISPA and it also turns out this is not the first time UK ISPs have voluntarily preserved massive amounts of sensitive data on all their customers. After the New York attacks, on 14 September 2001 the UK ISPA already recommended giving in to a preservation request from the Crime Unit. As one anonymous UK ISP remarked in a technical conversation: "they took six months to get back to us, without even mentioning they wanted the data." After that, the ISP deleted the records, because of the massive amount of necessary hard-disk space.
On Wednesday morning 13 July 2005 UK Home Secretary Charles Clarke met with the European Parliament Committee on Citizens' Rights, Justice and Home Affairs (LIBE). His plan to push through data retention during the UK presidency of the European Council, no matter in what pillar, met with great protest. The Social-Democrats, the Greens and the Liberals all referred to the legal advice recommending that the issue be dealt with in the first pillar, i.e. on the basis of a directive proposal from the European Commission and with full co-decision by the European Parliament. The liberal rapporteur on data retention, Alexander Alvaro, perhaps used the strongest words when he said "the LIBE Committee was not to be pushed into blind obedience" by the UK.
The influential social-democrat vice-president of the committee, Stavros Lambrinidis, added some very sharp questions about the lack of proof of the effectiveness of biometrics, of ID cards and of data retention. He also questioned the intentions of the JHA Council to deal with data retention without full democratic scrutiny. Clarke said it didn't matter to him how the decision would be taken, as long as it was during the UK presidency, i.e. before 31 December 2005. He also explained that he had reached agreement with the European Commissioner for Justice, Frattini, to jointly work out a proposal that could be adopted within that timeframe. He didn't explain how he would deal with a possible rejection by the European Parliament. The group coordinator from the Greens, Kathalijne Buitenweg, immediately reminded Clarke that the Parliament would take the Council to court if they proceeded on the third pillar path.
On 21 June 2005 the Italian collective Autistici/Inventati discovered a major police backdoor in their server. The server hosts a large number of websites, mailboxes, mailing lists and Internet services for NGOs, grassroots activists and public interest associations. The backdoor was installed more than a year earlier, on 15 June 2004, by the Italian "Polizia Postale" (Postal Police), after a seizure ordered by the Procura di Bologna (Office of the Public Prosecutor in Bologna) in the context of an investigation into the anarchist collective Crocenera.
The legal owners of the server ('Investici', a legally recognised association) were not informed, neither by the police nor by the public prosecutor. The provider claimed that the downtime - caused by the Police putting the server off-line - was due to a power outage.
A coalition of 6 French organisations against the French biometric card project INES (among them EDRI-member IRIS, see EDRI-gram 3.11) remains convinced that 'no consensus is possible' on accepting the project if it is modified according to the suggestions made by the Internet Rights Forum ('Forum des droits sur l'Internet' or FDI, a private association mainly funded by the French government). The Forum was asked to organise a public debate about the project. The results were published on 16 June 2005 and presented to the French Ministry of the Interior.
The FDI organised both online and off-line debates between February and May 2005. Public meetings were held in 6 main French towns, and the online forum collected over 3000 messages from 683 unique contributors. In addition, a poll was conducted amongst a representative sample of 950
On 28 June the UK government narrowly won a vote on its identity card proposals in the House of Commons, seeing its majority halved to just 31. The previous day the UK Information Commissioner, Richard Thomas, expressed strong concerns over the government's plans for a biometric national identity card and database. He particularly criticised the scheme's "disproportionate and excessive" storage of personal information and the wide range of uses that would "permit function creep into unforeseen and perhaps unacceptable areas of private life".
On 27 June the London School of Economics published "The Identity Project: an assessment of the UK Identity Cards Bill and its implications". The report looks at the potential costs and benefits of the government's proposals, and finds that the scheme may be both more expensive and less
The US has signalled that it will modify its biometric passport requirements for travellers from Visa Waiver countries. EU countries have been struggling to meet an October 2005 deadline set by the US to introduce new passports with biometric identifiers.
The 2002 US Border Security Act requires 27 countries to include chips with facial images in their passports in order to continue participating in the US Visa Waiver programme. A deadline was set for 26 October 2004, after which citizens from most EU countries would have to present either a biometric passport or a visa to enter the US. In June 2004 the US House of Representatives agreed to a one-year extension until 26 October 2005.
But most EU countries will not be able to introduce passports with contactless chips by that time. Travellers from those countries would have to apply for a visa if the US maintains its demands. This would result in a chilling effect on US tourism and commerce while overstressing the US consular system with visa applications. Governments on both sides of the ocean have been looking for an acceptable solution.
The Belgian police doubled the number of judicial telephone wiretaps in 2004. From 1.336 intercepts in 2003, the number rose to 2.562 intercepts in 2004. In 2002, the number was below 900. In Belgium, an intercept law was adopted in 1994 that allowed for telephony wiretaps, if authorised by an investigating magistrate and for a limited number of crimes.
The Belgian newspaper De Tijd writes that the rise in the number of intercepts is probably due to the greater technical ease since the creation of the Central Technical Interception Facility (CTIF). Also, the law previously demanded that each intercept be fully typed out, costing approximately 12 man-hours per hour of intercept. A wiretapping order in Belgium is valid for 6 months, but the police have to report to the investigating magistrate every 5 days.
The Swedish anti-piracy group Antipiratbyrån made the news with yet another embarrassing incident. The Swedish data protection authority has forbidden the organisation to collect the IP-addresses of internet users engaging in file sharing. In an incident reported earlier in EDRI-gram, the group convinced the police to raid the offices of Bahnhof, the oldest and largest Swedish ISP, and confiscate 4 servers with unlawfully uploaded content. But Bahnhof in turn successfully accused the anti-piracy group of uploading the illegal material themselves.
The group used special software to record the IP-addresses of file swappers, the file name and the server through which the connection was made, and tried to link them to individuals by sending over 2.000 complaints a day to internet service providers. Thousands of Swedish internet users complained to the DPA about this practice. They found the DPA on their side. The group had no right as a private enterprise to collect the information in the first place, the DPA ruled.