Quietly, very quietly, governments throughout the world are constructing a global surveillance infrastructure. Your financial transactions are already available for warrantless inspection by investigators in many countries (especially the U.S. and U.K.). Now world governments want to require Internet service providers (ISPs) and phone companies to keep data on every electronic message sent and phone call made for up to two years.
The justification, as usual, is to more effectively fight the “War on Terrorism,” but there’s no reason why the stored data wouldn’t be open to any type of investigation, including drug crimes, tax fraud, or prosecutions of those deemed “enemies of the state.” And for reasons I’ll describe in a moment, hackers and identity thieves will have a field day once these requirements are in effect.
In the 25 countries of the European Union (EU), the Data Retention Directive (DRD) comes into effect in August 2007. It requires phone companies, ISPs, and firms such as Google, Yahoo and Skype, to store call traffic and location data for fixed and mobile telephones, text messages, Web browsing records and Internet e-mail and telephony records for six months to two years. Some EU governments are already proposing extending the retention time to five years.
More recently, US Attorney General Alberto Gonzales has been on the stump to promote the need for similar data retention laws in America. And he’ll probably get them. Moreover, under existing agreements, it will be possible for investigators in the EU to obtain US records, and vice-versa.
In the EU, and most likely in the US as well, any business offering Internet access will need to comply with the data retention requirements—hotels, Internet cafés, public libraries, wireless hotspot operators, etc. Private companies with in-house networks area also are covered.
For call data, phone companies will need to store the name of the registered owner of each phone, the numbers dialed, the length of a call and, for mobile phones, the location of the caller. For e-mail the information required includes the registered owner of the e-mail address and the e-mail addresses of their correspondents.
Police investigating terrorism and serious crime will have access to the commercial traffic logs of all phone calls, text messages, emails and instances of internet use by suspects. Because this data offers historic information, it allows your calling and e-mail patterns to be tracked over long periods of time. Regular numbers called and your network of contacts will be in plain sight.
E-mail providers that don’t require proof of identity, such as Yahoo! or Hotmail, would presumably have to begin requiring such proof in order to open an account. Pre-paid mobile phone services would presumably be banned as well unless proof of identity is provided.
It’s not at all clear about exactly who will be able to access this information, but if you look at the situation in the one country where similar laws are in effect—the UK—the record isn’t encouraging.
The UK’s Regulation of Investigatory Powers Act (RIPA) doesn’t provide for data retention, but gives police authority to require telecom service providers to give them whatever data they do retain. No search warrant or other legal authority is required to obtain the data—any police officer holding the rank of inspector or superintendent (depending on the type of data) can demand the data.
While there is open debate in the EU over the Data Retention Directive, in the US, the silence is deafening. While the usual civil liberties advocates have objected, the mainstream press has played its usual sheepdog role of going along with anything the government advocates as improving “security.”
But will abolishing all Internet, email and telephone privacy really improve security? Surely real criminals and terrorists will figure out ways to bypass the surveillance. And the potential for misuse is breathtaking.
For instance, the recent Hewlett-Packard “pretexting” scandal showed how easy it is for private investigators to obtain telephone records. With a law like what Attorney General Gonzales is proposing, not only telephone records, but e-mail records, Web browsing records, and much more, will be ripe for the plucking by private investigators and hackers. For identity thieves, it will be like shooting fish in a barrel.
And that’s just for starters. Once legislation like this is in effect, there’s nothing to stop the government from expanding the list of offenses under which the data may be accessed. Moreover, it’s not such a large step from demanding records of your electronic communications be available on demand to a government authority to demanding that other transactional records be similarly available. For instance, many stores have “shoppers’ cards” which permit the store to maintain a record of every product you purchase. If governments demand this data to fight the “War on Terrorism,” what’s to stop them from getting it?
What can you do to protect yourself from this web of surveillance being constructed around you? As long as it’s legal to do so, use telecom services that don’t require proof of identity: e-mail services like Yahoo! (although Hushmail is better), pre-paid telephone services, and encryption programs like PGP. Another service that offers significant protection to your online communications is Armorware. You can read more about it at http://armorware.directtrack.com/z/9/CD125.
