|Pros and cons of data retention
Arguments of Data Retention advocates critically discussed:
"Blanket telecommunications traffic data retention is indispensable in the fight against terrorism and organized crime"
Wrong. Even without exhaustive logs on every use of phones, cell phones, e-mail, and the Internet, sufficient traffic data is available for fighting crime:
An independent study commissioned by the German ministry of justice found that even without data retention, requests for traffic data were successful in 96% of all cases. In another study, the German Federal Criminal Police Office mentions 381 criminal cases in which law enforcement agencies were hampered by a lack of telecommunications connection data – compared to the more than 6 million criminal offences committed every year in Germany this represents a marginal share of 0.01 percent. Furthermore, these cases were concerned with the investigation of crimes committed in the past rather than the prevention of crime. Furthermore, only two of these 381 cases had a link to terrorism, despite repeated claims that terrorism is one reason for retaining telecommunications data. According to the German Federal Criminal Police Office, additional traffic data is mostly not needed for combating terrorism or organized crime but for tracking down the exchange of child pornography on the Internet or for investigating fraud. However, the rate of crimes solved is the highest for these offences even without data retention. Moreover, prevention is much more effective in the case of fraud than subsequent prosecution. For example, raising Internet users' awareness can prevent them from becoming credulous victims of identity theft (e.g. because of "phishing mails").
The clearance rate for Internet crime in Germany (80%) has always been far above the average clearance rate (55%), with or without data retention. The coming into force of data retention legislation in 2008 has not had any effect on the clearance rate for Internet crime in Germany (2007: 82,9%, 2008: 79,8%), nor on the average clearance rate for all crime (2007: 55,0%, 2008: 54,8%).
The retention of telecommunications data is ineffective against terrorism and organized crime:
Telecommunications data retention does not prevent crime either. Ireland, which introduced data retention for a period of three years in 2002 could not report a reduction in crime.
Truly useful measures for supporting the work of security agencies would be other measures such as facilitated access to telecommunication connection data of other countries. Security agencies complain that requests for obtaining connection data from other EU member countries are complied with slowly while data from non-EU member countries cannot be obtained at all. This is a much greater obstacle to their work than a lack of domestic traffic data. About 80% of investigations in the areas of terrorism and organized crime involve international connections.
"If but one serious crime can be prevented, data retention is justified"
Wrong. Free and open communications is more important to our society than attempting to prevent every single crime.
First and foremost it is very unlikely that a crime can be prevented with the help of telecommunications connection data; at best crimes committed in the past can be resolved.
Even in the exceptional case that a crime could be prevented, the retention of telecommunications data for the entire population is not justified. If the prevention of one offence justified every means, we would have to give up our constitutional rights, including the ban on torture and the protection of human dignity. After all, any such basic and civil right could stand in the way of fighting crime. However, these basic rights serve the purpose of supporting a free society and a vibrant democracy, thus promoting the good of the entire population. These values are more important to us than an attempt to prevent every single crime.
Those who want to prevent all crime would, as a matter of consequence, also need to demand a ban on road traffic, smoking and liquor. All of these measures could help reduce the number of fatalities. Everybody who opposes patronizing citizens and therefore accepts traffic deaths and cancer-related deaths cannot credibly advocate the prevention of every single "crime".
Setting the wrong priorities
Constantly demanding more security distracts our attention from the failures and the wrong priorities of politicians. While politicians try to employ a total surveillance and control over their citizens in order to punish each and every criminal, they consciously accept that thousands of people die every year from the consequences of smoking, drinking and traffic accidents, for example. For the benefit of certain industries (tobacco industry, breweries, automobile industry), politicians remain inactive where they easily could and should prevent the illness and deaths of countless people. Even in fighting unemployment and poverty - the citizens' primary concerns over the last years - acting politicians have failed repeatedly, as statistics show.
In comparison to these problems, the effects of crime are disproportionately small:
Those who keep demanding additional measures to fight crime therefore fail to address the actual problems citizens face every day. Crime rates have always remained roughly the same and have never fundamentally threatened our society.
Negative side effects
Those who focus on the gruesome crime at hand, ignore that the harmful effects of exhaustive record-keeping by far outweigh its benefit. Because of this, blanket record-keeping is unreasonable. Even the protection from crime does not warrant disproportional measures.
Overall uninhibited communications become largely impossible, particularly once the first case of data abuse is exposed. Eavesdropping scandals have already occurred in Greece and Italy. In the USA, connection data is commercially available for purchase. In Germany a significant abuse of telecommunications data occurred when Deutsche Telekom analyzed hundreds of thousands of records on the communications of its directors, its employees, and of journalists in an attempt to identify a leak within their company. It is but a matter of time before more cases of abuse of retained telecommunications data are exposed.
"No communication content is being stored"
In a strict sense, this is true by itself, however it is misleading as it is possible to reconstruct the communication content from traffic data in many cases.
Who someone is talking to often allows deducing what is being talked about. It is obvious why someone would call a marriage or drug counselor, a physician specialized in venereal diseases, an attorney specialized in law regarding tax offenses or a telephone sex number. In the case of politicians, contacts with lobbyists or prostitutes may be of interest.
When using the Internet, service providers often log requested content and search queries ("server logfiles") on a voluntary basis. Simply by combining these logs with traffic data (IP address) stored at an Internet service provider, the communications content can be meticulously reconstructed.
The danger exists that data retention will be extended to also cover communications content in the future. In Italy, for example, SMS text messages are already being stored. The argument that this information may be needed for law enforcement purposes could be used to justify its retention in the future.
"Traffic data was retained for commercial purposes anyway"
This statement is false in such a generalized form.
Currently, German telephone service providers may only retain traffic data which determines their customers' bills (Section 97 Paragraph 3 German Telekommunikationsgesetz). Therefore data relating to incoming calls, cellphone location data (Who made calls where?) and e-mail traffic data (Who sent an e-mail to whom?) currently must not be stored. For flat-rate fees currently no traffic data must be retained at all as none of the data is relevant for billing.
Therefore, by far not all available traffic data is retained commercially and data is only stored for a shorter time period, compared to mandatory data retention.
"Access to the stored data is subject to strict conditions (e.g. judicial order)"
Wrong. Today connection records (traffic data) are already being retrieved several ten thousand times a year. The identities of telephone, mobile phone, email and internet users (subscriber data) are even retrieved several million times a year by government authorities (4.5 million times in 2009 or 12.000 times per day). Reintroducing data retention would cause another considerable leap in the number of retrievals. Given these facts, the argument that access to the stored data is only allowed under strict conditions cannot stand.
An investigation of phone tapping practice revealed that the requirement of "judicial orders" does not warrant efficient control: In many cases blank permissions were granted without a detailed examination of the filed documents and without denying requests in case of absent legal prerequisites (report on Heise.de). The requirement of "judicial orders" couldn't prevent the number of phone tapping actions from increasing for years - this increase is not due to an increase in the number of crimes but caused by weakening the legal prerequisites for surveillance actions. Furthermore privacy advocates continue to criticize that only the setup of surveillance actions is subject to judicial control, not their continuous execution (report on Heise.de).
The discussion about data collected by toll bridges (report on Heise.de) further illustrates the insecurity of legal boundaries for the use of retained data. Legal access restrictions that are put in place today can easily be watered down or removed by changes to legislation tomorrow. There are numerous examples for this mechanism. For example, access to bank data was originally granted to combat terrorism. Today, fiscal authorities, the social welfare office and many others have access to this data.
These aspects cast serious doubt on whether the long-term security and protection from abuse and access by non-governmental organizations of this data can be guaranteed. The circumvention of legal protective mechanisms (for example the appropriation of data from toll bridges), ambiguous legal clauses, human errors (for example lack of judicial control) and the advance of outsourcing of state duties to private companies do not indicate a diligent handling of mass-retained data.
A series of data abuses and incidents has occurred in Germany, Italy, Greece, Latvia, Bulgaria, Slovakia and Hungary in recent years. Telecommunications companies such as Deutsche Telekom and Vodafone have repeatedly failed to protect communications data. Such data has been stolen, sold and abused. The German data protection commissioner found in 2009 that access to retained data is not logged, that more data than allowed is being retained (e.g. location data, e-mail data) and that data is not deleted in time.
"Germany is obliged to implement the EU Directive on Data Retention"
Wrong. The EU Directive on Data Retention need not be applied in German law in that it involves flagrant and grievous violations of legality and as such will be declared null and void by the European Court of Justice.
The EU Directive is contrary to law as a consequence of the fact that it violates numerous fundamental rights. The Irish High Court has decided in 2010 that it will ask the European Court of Justice to decide whether the Directive is compatible with the EU Charter of Fundamental Rights.
Until such time as the Court decides one way or another, Germany is in no way obliged to implement the directive. According to Art. 114 (4) TFEU member states may maintain diverging national provisions on grounds of public order. The protection of fundamental rights is part of the public order.
If Germany refuses transposition, it is threatened with the introduction of a procedure for treaty violation that, in point of fact, carries no financial penalties. Germany has already made use of this possibility in other cases, for example in that of the directive on tobacco advertising. At the present time there are seventeen EU directives that have never been implemented. A moratorium on the implementation of the data-retention directive is perfectly feasible.
"The Directive was a necessary compromise, designed to forestall more invasive plans for Data Retention"
Wrong. Germany could have prevented the decision for the EU Directive being taken, had the German minister of justice refused to envisage data retention from the very start, as several resolutions of the Bundestag had demanded. Instead of that, Federal Justice Minister Zypries quite needlessly declared herself in favour of a six-month retention system, describing it as useful, and, against Bundestag guidelines, actively worked for an obligation to retain data for such a period of time.
"Germany merely applied the minimum requirements when transposing the EU Directive"
Even were that statement true, it could not alter the fact that systematic registration of telephone data so as to cover the behaviour of everyone in the country is grossly out of proportion and in no way to be reconciled with the concept of a free society. Here we have the registration of communications without good reason, and to argue that this is justified because it is limited in scope is like saying to somebody: "Don't worry, we won't kill you, just beat you to pulp!"
And actually it is not even true that only the minimum requirements of the EU Directive were being followed. The truth is that the German law in many ways went far beyond what the directive requires.
"Civil Liberties are not adversely affected by Data Retention"
Wrong. This statement made by Federal Minister Brigitte Zypries (SPD) in front of the Bundestag in 2006 is untrue.
The weightiest accusation is that data retention violates the secrecy of telecommunications. Without any suspicion of a crime having been committed, sensitive details pertaining to the private lives of 80 million citizens of the German Republic, about their social relationships (including business dealings), about where they go and the individual circumstances of their lives (e.g. contact with doctors, lawyers, psychiatrists and advice centres) are being amassed. In this way data retention undermines the intimate secrets of the legal, medical, psychiatric, advisory and other confidential professions and facilitates industrial espionage. It makes a mockery of the confidentiality of the journalist's sources and thus strikes at the very heart of the freedom of the press. Even the presumption of innocence is abolished, for a mountain of leads and evidence is being stock-piled against every single citizen without there being the slightest whiff of suspicion that he or she has committed a crime. All that is in direct contradiction to the European Convention on Human Rights.
Compare data retention with the postal system in which one need not even place the sender's name on the envelope. A postal data retention scheme would mean that the state would arrange for the registration of details of all letters, that is, who sent whom a letter and when. A data retention scheme for conversations would mean that state spies and informers would note down the name of anybody who spoke to anyone else and who that person was. Such illustrations make it clear that data retention schemes are worthy of the Stasi, but unworthy of a democracy based on the rule of law.
"The Federal Constitutional Court has found data retention compliant with fundamental rights"
Wrong. The German Constitutional Court has ruled void the German data retention law. It declared that the principle of data retention was not unconstitutional as such. However the Court has not ruled on the compatibility of data retention with the European Convention on Human Rights (ECHR) and the EU Charter of Fundamental Rights (CFR). The Constitutional Court of Romania has found the principle of data retention violates the right to privacy (article 8 ECHR). The European Court of Human Rights found in 2008 "that the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences" violated the right to privacy. The same applies to the retention of communications data of persons not even suspected of offences. More arguments with respect to the ECHR can be found in a brief sent by 43 civil liberties NGOs and professional associations.
"We need more surveillance to protect us from criminals/terrorists/sex offenders so we can live in safety."
Wrong. More surveillance does not lead to more security.
How safe our living environment is can be determined by taking a look at statistics measuring the frequency of violent crime. The assumption that increased surveillance leads to a decrease in the occurrence of violent crime is not empirically proven, nor have responsible politicians ever claimed that it does. In fact, there is no measurable connection between increased surveillance measures and the crime rate, whether over time in a particular country or in comparisons between different countries with different surveillance powers. An American comparative study indicates that there is no measurable relationship between the amount of power granted to the criminal investigation services and the frequency of crime.
There is no doubt that in isolated cases surveillance measures can help solve a crime; the overall benefit, however, is negligible. WHO statistics have calculated the loss of healthy life time caused by premature death, illness and disability. According to those statistics, illnesses are responsible for the loss of 92% of Western Europeans' healthy life time. 2% of the loss is a result of traffic accidents, 1% of falls, 1,7% of suicide. Violence only reduces Western Europeans' healthy life time by around 0.2%. That means violent crime is about as dangerous as accidental poisoning, tooth decay, back pain or diarrhoea.
According to Eurostat, only about 0.002% of Europeans die each year as a result of violent crime, including terrorist attacks. The statistics show that you are several times more likely to die from an unhealthy lifestyle (e.g. an unhealthy diet, sedentary lifestyle, tobacco, alcohol), a fall down the stairs or a traffic accident than you are to die by a violent crime. The greatest risks to our health are not crime but things like high blood pressure, tobacco use, excessive alcohol consumption, high cholesterol levels, obesity, an unhealthy diet, a sedentary lifestyle and so on. In fact, a reduction of tobacco use by only 2% would do more of a service to public health than the elimination of all violent crime. Additionally the risk of being negatively affected by facts of life like poverty, unemployment or natural disasters is much higher than the risk of falling victim to violent crime, too. Despite all these various risks and dangers, life expectancy for Europeans has been constantly increasing over the past decades.
To be sure, criminal offences pose a serious threat to an individual's well-being, and the state ought to use appropriate means to combat and reduce the occurrence of crime. However, one has to put things into perspective, for the threat of falling victim to crime is only one risk among many, and not even the most serious one at that. Crime is a part of life that can never be completely eliminated, and the actual risk for the individual is so small that the reduction in quality of life caused by increased surveillance measures is not worth its dubious and unproven benefit.
Apart from this, many forms of criminal behaviour have root-causes that cannot be fought by the police but have to be addressed in the broader context of societal organization.
"We need to employ all available means to prevent such dreadful crimes/terror attacks/child abuse/... in future."
Wrong. It serves our security when the state is not allowed to use every means at its disposal.
The state not only prosecutes criminals but also investigates those who are merely suspected of having committed crimes. Suspects mostly turn out to be innocent, or at least cannot be proven guilty of any crime. The instruments available to the criminal prosecution authorities (e.g. surveillance of telecommunications data, personal surveillance, questioning of neighbours, preventive detention) are in many cases used against innocent people. Large amounts of data are amassed on ordinary citizens without any prior evidence of involvement in criminal activity. We thus observe a subtle shift away from the assumption of innocence and towards a scenario where everyone is a potential suspect who has to prove his innocence, instead of the state having to prove him guilty of some crime.
Anyone can become the target of unjustified suspicion, and it is in all our interests to limit the means the state can use to act on such false suspicions. And the more data is available about individual citizens, the more such false accusations will arise because of the multitude of "suspicious connections" suggested by the plethora of data.
Certain methods (like torture) contradict basic human dignity, even that of the criminal. We have learned from our history that unrestricted pursuit of the "common good" and the "national interest" is not ultimately in our interest. The potentially negative consequences of other instruments used by the state (like arbitrary surveillance without prior indication that any crime has been committed by the person in question) are out of proportion with the slight increase in overall security they might achieve. Any beneficial effect of those measures is far outweighed by the stifling effect they will have on the free expression of critical opinions by the citizenry, the very thing that forms the foundation of a free and democratic society. Constructive participation of the citizenry in the democratic process is replaced by the silence engendered by fear of unjustified persecution.
In the long term constitutional limits to state power and respect for basic human rights serve to improve overall security, since excessive repression and control breed discontent and resistance among the population. Honouring basic human rights makes us safer, not more vulnerable. The Supreme Court of the State of Israel appropriately stated this in 1999: "This is the destiny of democracy, as not all means are acceptable to it, and not all practices employed by its enemies are open before it. Although a democracy must often fight with one hand tied behind its back, it nonetheless has the upper hand. Preserving the Rule of Law and recognition of an individual’s liberty constitutes an important component in its understanding of security. At the end of the day, they strengthen its spirit and its strength and allow it to overcome its difficulties."
"Data Protection means protecting criminals. It is an obstacle to protecting the innocent."
Wrong. Data protection means freedom protection. Data protection serves to protect the innocent.
When the State doesn't collect knowledge about us unrestrictedly and isn't allowed to sieve through any data searching for particular profiles, that in fact serves to protect us. The more the state knows about us, the more starting-points for investigation will be at its disposal and so the greater will be the danger that the state will come to suspect us unjustly. Moreover comprehensive collections of data offer an open invitation to misuse. In the past there have repeatedly been cases in which police officers have passed on police data to others in return for bribes or for private reasons. The mere fear of misunderstandings or abuse can itself narrow our freedom of decision. When we can act anonymously or know that our data will immediately be destroyed or at least not used for other purposes, then we do not shrink back from sensitive activities, such as participating in demonstrations, collaborating with opposition groupings, asking for psychiatric help or taking part in sexual activity. That is why protecting our data ultimately protects our freedoms.
"We've got to do something about crime. We can't just fold our arms and give up."
Wrong. Politicians acting merely for the sake of action is quite pointless.
Nobody wants people to stand with folded arms where crime is concerned. But it is the security forces' job to act, not that of MPs. When spectacular crimes come into the limelight, that is essentially a wake-up call to the relevant authorities to work more intensively to hinder such cases in future. Politicians tend to react with demands for "improved" laws. For politicians new laws are of course a cheap and easy way of displaying to the public that they are "decisive" and "on the ball". But this kind of action for action's sake often leads to the passing of laws that bring the citizenry no measurable benefit. Whoever continually promises new laws and - inevitably - proves incapable of preventing crime, will lose the trust of the citizenry after a while and thus encourage disgust with politics. In the end he or she endangers the ability of our democracy to function.
"The state has a duty to protect its citizens. The citizenry have a right to security."
Wrong. The citizens cannot demand more from the State than that it should take appropriate measures to combat crime.
No "right to security" as such can exist, as no state can guarantee complete security against crime. Even police states with unlimited power (the GDR for instance) have not proved capable of eradicating crime. On the contrary, such states have seen a lot of corruption, arbitrariness and crimes committed by the State itself. A democratic state based on the rule of law should take proper action against criminals. But it deliberately sets itself limits and lays down restrictions so as to protect the innocent and preserve a free society. Precisely that is what forms the strength of its free and democratic character, observing the rule of law.
"I have nothing to hide."
Wrong. Everybody has got his or her private life that is no business of the State.
Those of you who like to claim you have nothing to hide ought to face up to questions like "Why do you bother to get dressed before leaving home?" or "Why close the toilet door?" Everybody has experiences which are no business of strangers and shouldn't get revealed to the public.
Nobody can claim that they have never done anything wrong. Never dodged a fare? Never lied about your car in order to sell it? Never omitted things on your tax declaration? Never broken the speed limit? If the State just waits and collects data, sooner or later it will sniff out petty offences. And even if you're completely innocent, you can reap disadvantages from mass-surveillance and data-mining.
If anybody wants to spent all his time in a Big Brother container, then he's free to do so. But he shouldn't find it objectionable when other people like to keep their secrets.
By the way, states have their own secrets, too. They are called "state secrets". Members of Parliament fight against too much transparency in their own lives, for example, not wanting to disclose their own finances. State surveillance is kept hidden, too, to prevent it being discovered by those spied upon.
"Those who have nothing to hide don't have anything at all to fear."
Wrong. Time and time again innocent people find themselves in the cross-sights of the authorities.
Innocent people ought to ask themselves: "Even if you have nothing to hide, could you convince the police or immigration officials that is so?" Even the innocent have increasingly to face police measures. Often mistaken suspicions are aroused by supposed risk-factors (such as having the "wrong" religion, "wrong" nationality, "wrong" place of birth, "wrong" name, reading the "wrong" books or voicing the "wrong" opinions) or just an unlucky combination of circumstances can lead to repressive measures. The consequences may be interrogation of neighbours and colleagues, shadowing, police-searches of their home or even arrest. And those very measures may cause prejudice against them in their social surroundings and even destroy their means of existence. Unwarranted refusals to allow one to enter or leave a country, confiscation of property, forced repatriation as a result of confusion over names, even kidnappings by secret services and erroneous killings by police or "sky marshals" occur repeatedly. Cases of such things happening occur in Germany, too.
Surveillance and data collection provide a flood of information into which discrepancies can be read and so give rise to suspicion. Then it is of no help at all that someone has "nothing to hide".
In point of fact, those who have "nothing to hide" need not be surveilled in the first place.
"Surveillance only serves the purpose of fighting serious crime."
Wrong. Misuse for other purposes occurs over and over again.
Cases such as the spying on journalists by the BND (Germany's CIA) remind us time and again that security laws are indeed abused. Apart from journalists, those critical of the government, such as anti-globalization activists, must face similar misuse, too. As these people are acting for the benefit of us all, their freedom should matter to us.
The German Federal Constitutional Court has warned: "Fear of surveillance and the danger that what one says or writes is being recorded and later combed through before being transfered to be further exploited by other authorities can in itself lead to self-censorship and other forms of reticence to communicate with others and to the emergence of more conformist modes of behaviour." The former President of the Constitutional Court, Frau Prof. Dr. Limbach, has put it even more starkly. "A democratic political culture has its life-spring in the joy of expressing one's opinion and in the citizenry's degree of commitment. And both require fearlessness. This fearless quality will generally be lost, if the State decides to classify the citizens biometrically, sieve through data on the look-out for particular profiles and snoop on their movements and activities electronically."
Furthermore experience shows that restrictions on data usage become increasingly toothless with the passage of time. More and more authorities and circumstances are discovered in which a surveillance measure or collected data could be useful. In the end surveillance and requests for data are allowed in every case in which they could conceivably be of use.
"Surveillance is only a minor, hardly perceptible intervention."
Wrong. Surveillance can have dramatic consequences for the people concerned, and, at worst, it can ruin their lives.
Even if surveillance by itself does not hurt, its consequences can. If surveillance data arouse the suspicion of public authorities, this can lead to measures such as interrogation of neighbours and colleagues, shadowing, execution of a search warrant or arrest. Unjustified denial of requests to enter or leave a country, confiscation of property, rejection at the border due to a mistake in name and even abduction through intelligence agencies and erroneous killings through police or sky marshalls are not fiction, but reality.
"Surveillance makes people feel safer."
Wrong. Symbolic actions do not build confidence.
Even if some surveillance measures are popular in the short term, they do not ultimately strenghten the overall feeling of security. After all, the media will never tire of presenting us with new spectacular crimes. Politicking is also counterproductive, as fear of crime is usually fuelled in order to push through new laws. There are other, more effective means of increasing the overall sense of security: since the true extent of crime is usually overestimated, it would be reasonable to inform people about the real risk to make them feel safer. Structural measures (such as better street lighting) and improved contact to neighbours and police can also help to counteract fear of crime.
"Data protection advocates are paranoid, their horror scenarios are exaggerated."
Wrong. Errors and misuse are a daily occurrence. A few examples can be found here (in German only), however, the cases that have become public are probably only the tip of the iceberg.
"We are already being surveilled in everything we do anyway."
Wrong. If total surveillance were already reality, there would be no need for politicians to bring forth more and more new laws in order to expand it.
According to Privacy International, the international organisation for data protection, privacy in Germany is still among the best protected in the world and (compared to other countries) has been restricted the least over the past few years. We must defend this protection and reconquer our already lost liberties.
"We can't change it anyway."
Wrong. There are many opportunities to oppose this security ideology, some of which are found here.
Actions taken by a single person may not result in big changes. If, however, many people get involved, this cannot be ignored by politics in the long run. Politicians are very sensitive to the mood of their voters. A list of civil rights organisations, where you can commit yourself, is found here.