EU reveals phone, e-mail snooping plans
The European Directive recommends retaining communications data for six months. Civil liberties groups protest the proposal.
The latest version of the directive, made public by the European Digital Rights organization, aims to standardize the amount, type and length of time communications services providers will have to store details about their customers' phone calls, emails, faxes, SMSes, IMs and other electronic communications, including location details of mobile phone calls.
If passed, the directive will force telecommunications companies to store information on "traditional fixed and mobile electronic communication services" for one year and IP-based communications for six months.
For calls made between two VoIP users, information will be retained for six months. However, for calls that originate over IP but connect to a normal landline or mobile, data will be held for a year.
While the data held by communications companies won't include the content of the calls or e-mails themselves, it will ensure that law enforcement agencies can identify the sender and recipient and, for mobile calls, the location of the caller.
According to the EU, there will be a "limited invasion of privacy" and "a limited impact on the competitiveness of the electronic communications industry," as telecommunications companies across Europe will have to capture and retain large amounts of data on their customers. The EU, however, has said ISPs and the like should be compensated for any additional expense they incur as a result of the directive.
The European Commission said the measures are now "urgent" and necessary for the "prevention, investigation, detection and prosecution" of criminals and terrorists.
A number of human rights and civil liberties organizations have banded together to oppose the mandatory retention of data and are petitioning the EC to drop the plans. Their petition says that "no research has been conducted anywhere in Europe that supports the need and necessity of creating such a large-scale database containing such sensitive data for the purpose of fighting crime and terrorism."
A similar conclusion was reached last month by the European Parliament, which adopted a report questioning the necessity of a separate but similar data retention proposal, put forward by four EU member states.
The European Parliament's report confirmed it had "sizeable doubts concerning the choice of legal basis and proportionality of the measures" and was concerned it placed "enormous burdens" on the telecommunications industry, which it put at around $217 million for initial expenses and $60.5 million a year in running costs per firm.
The EU's plan for data retention will also necessitate the creation of a new body of law enforcement agents, the tech world and data protection authorities, which will be charged with translating the directive for emerging technologies.
The EC is expected to formally propose the directive this month and, if it becomes law, will review the directive's performance after three years and analyze how useful the retained information has been to police and intelligence services.
Jo Best of Silicon.com reported from London.