[registrars] USG asks EU to extend data retention rules....

["Paul M. Kane" <Paul.Kane@REACTO.com>]

I received the following email this morning - which I forward to you
without any comment - but it is important in terms of the current debate
as it impacts the community.......

Best

Paul

   - President Bush has asked the head of the European Union to
     amend privacy laws in Europe so as to allow law enforcement
     access to records of personal communications

   - The proposal is contrary to international human rights norms
     and has been rejected by European Privacy Commissioners and
     by Members of the European Parliament

   - The proposal also adversely impacts the privacy interests
     of US citizens

   - US and European groups are asked to endorse the letter to
     EU President Guy Verhofstadt expressing respectful but
     firm opposition to proposal

   - To endorse: send name of organization and URL, email and fax
     for contact person BEFORE NOVEMBER 11 to eu_letter@epic.org.
     If questions, contact Cedric Laurant <chlaurant@epic.org>

   - Please forward this message to others UNTIL NOVEMBER 11

=================================================================

DRAFT

12 November 2001

Prime Minister Guy Verhofstadt
President, EU Council of Ministers
   Brussels, Belgium

Dear President Verhofstadt:

We write to you on behalf of a wide range of civic organizations in
the United States and Europe to express our concern regarding the
request of President Bush that the proposed EU directive on the
protection of privacy in the electronic communications sector
(COM(2000)385) be altered to allow for data retention regarding the
communications of Europeans and consequently of Americans.  While we
support the President's efforts to take appropriate steps to reduce
the risk of terrorism and to work with government leaders to protect
public safety, we do not believe that this proposal is appropriate
or necessary.

First of all, under United States law there is no similar obligation
for data retention by telecommunications companies. US federal law
recognizes a need to preserve data once a particular investigation
is underway, but it does not create a general obligation for
communication carriers to retain records on customers that are no
longer required by the carriers. President Bush is asking European
governments to impose obligations on European companies that would
not be imposed on US companies.

Second, the European Privacy Commissioners and Members of the
European Parliament have opposed efforts to create new data
retention obligations. In the letter of 7 June 2001 to Mr. Göran
Persson, President of the Council of the European Union, the
Chairman of the Article 29 Working Group wrote that "Systematic and
preventive storage of EU citizens communications and related traffic
data would undermine the fundamental rights to privacy, data
protection, freedom of expression, liberty and presumption of
innocence."

In a July 2001 report by the European Parliament Committee on
Citizens' Freedoms and Rights, Justice and Home Affairs, Committee
Members made clear that restrictions to safeguard public security
and conduct criminal investigations should be appropriate,
proportionate and limited in time and that general or exploratory
electronic surveillance on a large scale could not be allowed.  The
Members also noted that Member States should not have a general
right to request whatever traffic and location data they wished
without the authorities stating a specific reason as to why such
information was needed, and that information should not be stored
longer than was necessary for the transmission of data and for
traffic management purposes.

Third, because communications data often moves between the United
States and Europe, European data retention requirements would
directly and adversely affect the privacy right sof Americans. There
is a significant risk, if this proposal goes forward, that US law
enforcement agencies will seek data held in Europe that it could not
obtain at home, either because it was not retained or because US law
would not permit law enforcement access.

Fourth, the retention of personal information that would otherwise
be destroyed upon the completion of its intended use creates new
privacy and security risks for citizens. Vast databases of personal
data now include sensitive medical information as well as data
revealing political opinions, religious and philosophical beliefs.
These new retention requirements will create new risks to personal
privacy, political freedom, and public safety.

Further, the privacy commissioners have recognized that one of the
best privacy safeguards is to minimize the collection of personal
data where possible. They have consistently affirmed that
confidentiality of communications is one of "the most important
elements of the protection of the fundamental right to privacy and
data protection as well as of secrecy of communications", and that
"any exception to this right and obligation should be limited to
what is strictly necessary in a democratic society and clearly
defined by law." A blanket retention of all traffic data for
hypothetical criminal investigations and for a long period of time
would not respect these basic conditions.

We note also that governments on both sides of the Atlantic have
sought to make secret public information that would otherwise assist
the public in understanding the threats it now faces.   We do not
believe it draws the proper balance in a democratic society for the
activities of government to be concealed from public scrutiny while
the private activities of citizens are made open to government.

Finally, we believe it is inconsistent with well established
international norms for communications privacy, such as Article 8 of
the European Convention on Human Rights and Article 12 of the
Universal Declaration of Human Rights, for governments to compel the
retention of private information for surveillance purposes.
Confidentiality of communication is a central tenet of modern
democratic society. Proposals to reduce the privacy of citizens will
undermine the strength of the democratic state.

We have contacted President Bush regarding our concerns. We
respectfully urge you not to take any steps at this time that may
reduce the privacy of citizens.

Sincerely,

    Electronic Privacy Information Center

    American Civil Liberties Union

    Center for Democracy and Technology

    Electronic Frontier Foundation