German Constitutional Court shoots down new ‘Lawful Access’ Provisions

Germany’s Constitutional Court is one of the few such national institutions that has been brave enough to interpret the right to privacy as actually meaning something that might outweight the state’s desire to know. According to the BBC, in a really strong decision, it has just ruled that a 2008 law, requiring all telecommunications traffic data to be stored for 6 months, violated privacy rights of citizens and should be struck out. Germany had already threatened to veto the European Union’s Telecommunications Directive 2006/24/EC (which came into force last year), a move which prompted the Council of Minister to take the unethical and devious step of redefining the Directive as belonging to the ‘commercial’ field (which requires only majority vote) as opposed to being a matter of ‘security’ (in which there has to be unanimity). We will now see what is the reaction of the German government to their own law being declared unconstitutional, and indeed, what international reverberations this have – the USA will certainly not like this.

(Thanks to ‘Unkraut’ for the pointer)

EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commerical matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailers delight;

3. there will more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?