One I wrote earlier: Edward Snowden’s revelations are not new: Follows my 8 November 2001 article about a British-led campaign to allow the mass surveillance of the European public led by European officials, working since September 1995 to arm themselves with the power to access the communications records of Europe’s telephone and internet users – whether terrorist suspect or not.
Today the Council of Europe approves a major treaty on combating cyber crime. It gives new impetus to a British-led campaign to allow the mass surveillance of the European public – a campaign that long predates similar calls made in the wake of 11 September and the onset of the ‘War on Terror’.
European officials have been working since September 1995 to arm themselves with the power to access the communications records of Europe’s telephone and internet users – whether terrorist suspect or not – long before September 2001 and the ‘war on terrorism’ made this kind of intrusion a patriotic duty.
Today, 8 November, the foreign ministers of the 43 states of the Council of Europe formally approved the fruit of their efforts, the Council’s Convention on Cyber Crime. The member states meet on 22 November in Budapest to sign it into life.
Technically it enters into force only when the parliaments of five states, at least three of which are members of the Council of Europe, have ratified it, though even then it will not be law. That falls to the interior ministers of the member states who are set to adopt its far-reaching ambitions in legislation of their own.
Britain’s own interior minister, home secretary David Blunkett appears ready to feed whole tracts of it into his formal response to the 11 September atrocity, setting a worrying trend. With parliamentary scrutiny of anti-terrorist legislation currently at a minimum the Convention offers an ‘off-the-shelf’ solution to European states without time or inclination to come up with something less life-threatening to civil rights.
As a warning of things to come, Home Office officials are wrapping up Blunkett’s proposals via a voluntary code of practice for the country’s internet service providers (ISPs). But they are also tagging them to the Regulation of Investigatory Powers Act (RIPA) passed last year, which allows law enforcement agencies to demand communications data without a court order for a broad range of purposes.
These include national security issues, the prevention of public protest that may lead to crime and disorder, even the protection of public health and safety and the collection of unpaid tax.
Two days after the World Trade Center disaster, Britain’s National High-Tech Crime Unit asked telephone companies and ISPs in the country to retain all communications-traffic data for a month. Under the country’s Data Protection Act and current EU directives, companies can only keep such data briefly, and for billing purposes only.
Unit intelligence team leader Tony Hutchins told the Wall Street Journal at the time that the request was a “precautionary” one in anticipation of requests for surveillance. He said he feared that incriminating data might be missed before requests to target individuals actually arrived.
But the Guardian newspaper reported this week that the police could now demand access to all of this collected data, not just for national security reasons, but also for far lesser crimes, on their own authority and without need for a court order, simply by using their powers under the RIP act.
The report contradicts Blunkett’s own claim, made in an article for the Labour party magazine Tribune in late October, that the state needed access to more information was needed than was available under current law, but “strictly in the case of a criminal investigation against suspected terrorists”.
In fact Britain has long worked to persuade the EU to lift its 1995 and 1997 EU Directives preventing “mass surveillance” by collecting data in bulk for investigation later. According to the European Voice newspaper US President George W. Bush has written directly to the EU presidency to support the British campaign.
Bush reportedly reasserted Washington’s support for mass collection of data and its opposition to EU data protection rules that limit the collection of ISP data to billing purposes only. The US has already equipped itself with even more draconian powers, in the form of the new Uniting & Strengthening America (USA) Act.
The act makes orders allowing the authorities to record online activity easier to obtain than ever. And once again, investigating officers will be free to pass whatever they find on to other government departments. Unsurprisingly perhaps, the United States was allowed to contribute to the Council of Europe’s convention drafting process.
British use of the current crisis and the RIP act to first scoop up records of Internet traffic as part of a ‘terrorism investigation’ – and then use the same data, should they wish, to pursue credit card fraudsters – perfectly illustrates the kind of powers envisaged by the Council of Europe convention and its line on “powers and procedures” on the search of computer networks and interception.
The treaty is intended to facilitate the collection of information by requiring companies that provide Internet services to collect and maintain information in case it is needed by law enforcement agencies. It would permit international access to such information by governmental authorities in different jurisdictions.
Simon Hughes, the Liberal Democrat home affairs spokesman, told the Guardian: “We understand the argument for data retention for specific purposes under terror legislation for the period of an emergency. There is a different argument, with much less justification, for general powers from now, in theory, until eternity.”
Yet the pressure on the EU to allow these powers is relentless. Long before 11 September the EU Telecommunications Council was trying to rewrite and replace the existing EU directives on privacy and telecommunications to allow this kind of mass data sweep, backed by Britain and now President Bush.
A draft new directive has drawn heavy fire as it has gone through the EU legislative mill. Such measures, warned the European Parliament’s Committee on Citizens Freedoms and Rights on 11 July, “must be entirely exceptional,” based on specific law “comprehensible to the general public” and be applicable on a case-by-case basis.
“Under the European Convention on Human Rights and pursuant to rulings issued by the Court of Human Rights,” it further asserted, “any form of wide-scale general or exploratory electronic surveillance is prohibited”.
Italian Radical MEP Marco Cappato links this strategy with use of the top secret Echelon system. Jointly run by the United States, the United Kingdom, Canada, Australia and New Zealand, Echelon scoops up billions of bytes of satellite, microwave, cellular and fibre-optic traffic – voice and data communications – and then processes it through sophisticated filtering technologies.
Critics of the Echelon system also argue that this mass surveillance system is allowed to operate with minimal oversight and without assurances that it is not being used illegally to spy on private citizens.
The Council of Europe convention poses other threats to privacy. It calls on member states to adopt new laws allowing government access to encrypted information and criminalizing the possession of common security tools.
Phone and internet tapping laws in all of the countries will have to be changed to suit. It also aims to limit the use of freely-available encryption programs and enhance powers to demand individuals to hand over unencrypted data or the ‘keys’ needed to decode it.
The convention is concerned with more than just web site addresses, but worries about content as well. This too goes beyond issues of national security. The Convention will come with a supplementary protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence.
Cappato says that strict regulation of law enforcement authorities’ access to details of internet traffic and location data is fundamental, noting the “EU States’ efforts underway in the (EU ruling European) Council to put their citizens under generalised and pervasive surveillance, following the Echelon model.”
And the Council of the European Union’s Legal Service says that the draft EU directive on privacy and telecommunications will give governments all the powers they need to combat terrorism.
But it added that any measures adopted must be: i) be necessary; ii) cater for pressing needs; iii) remain proportionate to the legitimate goal being pursued; iv) include legal guarantees provided to individuals so as to prevent and penalise arbitrary interference.
However, as the rights lobby group Statewatch notes, “it is unlikely that the EU member states, for example the UK, who have been pushing for months for a general law for the retention of all data and for law enforcement agencies to have access to it will accept this limited power.”
First published by Index on Censorship on 8 November 2001