On Dec. 15, the European Parliament voted yes on a directive that will let police randomly spy on the citizens of the EU's 25 member countries.
What's really sneaky is that the Directive on Data Retention doesn't create new forms of surveillance. In fact, there's nothing in it about special snooping powers. This might seem surprising to people who live in the United States, where the president has recently been roasted for bending the rules on wiretaps.
The EU directive manages to do something far more catastrophic than granting extra wiretaps. It lays the groundwork for a more effective surveillance state by mandating that communications companies -- like cell phone and Internet providers -- save information about everything their customers do on their mobile phones and online. The information must be retained for at least six months, but some countries are taking the directive much further: Poland will be keeping the data for 15 years. Why get a wiretap order when you can just data-mine the hell out of everybody?
The European Commission, the EU's executive body, proposed the directive explicitly for law enforcement purposes, after being pressured by anti-terrorist agencies and entertainment industry groups that want to stop file-sharers. With a new wealth of communications data, law enforcement can go on fishing expeditions for suspects of all descriptions -- the directive places absolutely no limits on the kinds of crimes that can be investigated with this storehouse of personal data. Who doesn't love the idea of catching a copyright infringer and a potential terrorist in one fell swoop, using nothing more than a computer terminal? It's like armchair authoritarianism.
Supposedly the privacy of Europeans will be protected because the directive doesn't require companies to save the content of what people are saying -- only whom they talked with, as well as when and where they did it. So if I'm in England, and I call some guy in Germany, my cell provider keeps a record that says I talked to Grosse Eier from London at 2:45 p.m., but it has no idea what we said to each other. But if Eier happens to be convicted of a computer crime, the mere fact that I spoke to him could be used as evidence and a rationale for searching my own computers -- or my house.
As if that weren't creepy enough, it's very hard to separate content from other stuff when you're online. In Europe your local ISP would probably keep a record of "where you go" by saving the URLs of the sites you visit. But a URL can obviously reveal a lot about the content of what you're doing. When you do a Google search, for instance, your search terms will appear in the URL that presents the search results to you. So the ISP won't just see that you're visiting Google; it will also see that you visited Google to learn more about "subversive Polish political propaganda." Think the Polish authorities are going to look kindly on that when they find it in 10 years? No, I don't think so either.
For the past year, groups like European Digital Rights (EDRi) and Privacy International have been campaigning like crazed robots to stop the European Parliament from passing the Directive on Data Retention. They lobbied, they petitioned, they appealed to reason. EDRi even pointed out that the directive isn't just bad policy -- it's bad economics. Every ISP and mobile phone service will now be forced to build facilities that can hold years of communications data for millions of people. But the majority of Parliament voted yes anyway.
EU member countries will begin implementing the first pan-national experiment in total communications logging over the next couple of years. Soon it will be impossible to go online or make a cell phone call anywhere in Europe without leaving a very detailed trail behind you.
What's amusing and sad about all this is that citizens of the United States willingly gave up their right to online privacy long ago, without any fight at all. Everyone who stores email on Google or Yahoo! or Hotmail is creating the same kind of data reserve that the European Parliament created with the Directive on Data Retention. Maybe the EU should learn something from all those Americans happily building a surveillance gold mine without any inducement other than free email. Why pass laws when you can just work with Google?