The telephones lines in the EU Justus Lipsius building in Brussels, home of the Council of Ministers, have been tapped for many years. The bugging devices were discovered in the rooms of the delegations of Britain, France, Germany, Spain, Italy and Austria. The devices were placed on lines between the central switchboard and the national delegations.

The German delegation ordered their Federal Office for Information Security (BSI) to examine the bugging devices. The expert called the building 'wired like a pinball machine'. It is suspected that the devices were installed during the construction of the building in 1995.

After discovery of the bugs a trap was set up to find out if the devices would be 'serviced' by the spying agency that had placed them. Nobody showed up and it is still unclear which country is responsible for the bugging.

According to an item on Warsaw Polish Radio 1 on 19 March 2002, telecommunication providers in Poland have received an order from the Ministry of Infrastructure to install email wiretapping equipment.

In the item counsellor Daniel Wieszczycki stated the order is contrary to the Constitutional right of secrecy of correspondence. In pursuance of the order, the operators are obliged to connect their lines to authorized surveillance institutions. These are the Internal Security Agency, the Intelligence Agency, the Military Gendarmerie, the Border Guard, the police and the military intelligence.

Counsellor Wieszczycki emphasized that the Internet communities have already announced that they would take the order to the Constitutional Tribunal. He said: "we noticed some characteristics of this order, such as a lack of respect for the Constitutional right to protection of secrecy of communication. Indeed, it orders the application of technical solutions which will make impossible court supervision of the installation of such monitoring provisions or of surveillance in general..."

During last weeks CFP conference (Computer Freedom Privacy) in New York, Simon Davies from UK EDRi-member Privacy International announced the winners of the Stupid Security Awards. The jury received some 5.000 nominations from 35 different countries. Though most of the winners are American, Europe also produced some very noteworthy stupid security measures. UK mobile phone company T-Mobile won a Most Annoyingly Stupid Award 'for pointless and idiotic financial security measure'. T-Mobile won't let anyone pay more than fifty pounds a month from a bank account, for unspecified 'security' reasons. Runner-Up for the Most Egregiously Stupid Award was Moscow Mayor Yury Luzhkov for the "Propiska" Identity Papers, while UK Heathrow Airport was selected the runner-up for the Most Inexplicably Stupid Award.

The French Constitutional Council recently validated the Internal Safety Law ('Loi sur la sécurité intérieure'), adopted by the Parliament on February 13. This decision has been commented by the Human Rights League - LDH, the French member of the International Human Rights Federation - as a 'step backwards for the rule of law'.

Among the many provisions infringing privacy and other human rights, one authorizes the immediate access by Law Enforcement Authorities to the computer data of Telecommunications Operators, including Internet Access Providers, as well as of almost any public or private institute, organization or company. The second important measure authorizes the searching without warrant of any information system, provided that its data are accessible through the network from a computer being searched with a warrant (e.g. all computers in a P2P network may now be searched on the basis of a single warrant for one of them). If the data are stored in a computer located in a foreign country, then their access remains subject to applicable international agreements.

The European data commissioners (through the Article 29 working group) have pleaded for a maximum storage period of half a year for traffic data that telecommunication companies store for billing purposes. With the opinion paper the working group tries to limit the duration and scope of traffic data storage.

"Traffic data should be kept for as long as necessary to enable bills to be settled, and disputes resolved. Ordinarily this involves a maximum storage period of 3-6 months and no longer in cases where bills have been paid and do not appear to have been disputed or queried (having regard to the privacy right of individual subscribers)".

The working group also pleas for the stored traffic data to be limited to the necessary data. The opinion paper does not point out which data is necessary for billing purposes and which not. It is a fact that many GSM providers justify the storage of location data for the sole use of billing purposes.

Telecom providers in Switzerland must register user data for prepaid cards and keep the data available for a period of 2 years. Parliament decided today to add this obligation to a series of new anti-terrorism measures. None of the EU member states have a similar obligation. Telecom providers have always argued against mandatory identification, pointing at the high costs for the extensive network of resellers and the probability of people helping out criminals by buying prepaid cards for them.

The large support for the new measure seems to stem from the discovery that at least 1 Al Qaeda member used a Swiss prepaid card. Switzerland used to be one of the few countries worldwide to sell prepaid cards for international roaming. The new measure doesn't just require identification for those specific roaming-cards, but for all users of all prepaid cards. In her defence of the measure, the Swiss justice minister Ruth Metzler produced some statistics about telecommunications interception in Switzerland. Last year, law enforcement authorities made 80.000 requests for the identity of telephone users, resulting in 6.000 court-approved wiretaps. Of the 80.000 identity-requests, 30.000 were prepaid mobile phones.

From 5 March onwards, USA officials will have direct electronic access to databases with EU passenger data. On 19 February, U.S. Deputy Customs Commissioner Douglas Browning and officials of the European Commission agreed to give the custom officials direct access to the personal data of passengers flying to, from and through the United States.

These databases don't just include names of passengers, but also itinerary, phone and credit card number, time of booking and possible changes. The discussion about data of a sensitive nature, such as meal preferences, was closed with a recommendation to jointly develop measures to protect these data, preferably before 5 March 2003.

In return, 'US Customs undertakes to respect the principles of the Data Protection', at least, as long as these principles don't stand in the way of the secret services. 'US Customs may provide information to other US law enforcement authorities only for purposes of preventing and combating terrorism and other serious criminal offences, who specifically request PNR information from US Customs.'

There is not much research done about privacy and digital civil rights in the Baltic EU accession countries (Estonia, Lithuania and Latvia). Estonia refers to itself as E-stonia, with the ambition to outclass even Finland as ICT-nation. Groundwork was done by the Open Society Institute in Lithuania, resulting in the report Digital Lithuania in 2001 by Marius P. Saulauskas.

In spite of extreme pessimism about the level of ICT-development in 2001, seventy-four percent of the interviewed Lithuanians felt that the development of an information society would favourably influence the Lithuanian economy. With Parliament reviewing the conclusions, the study has become an important factor in official plans for Lithuania's development over the next 15 years. In cooperation with the Ministry of Economical Affairs, the Institute launched a website to allow people to express their opinions about the development program.