orpheus26 - stock.adobe.com
Blanket and indiscriminate telecommunications data retention is the most privacy-invasive instrument and the least popular surveillance measure ever pursued in the European Union (EU).
Data retention laws mandate the indiscriminate collection of sensitive information about people’s movements, social and business contacts.
That includes recording data of people’s communications with doctors, lawyers, workers’ councils, psychologists, helplines and other private information that impacts millions of citizens who are not suspected of any wrongdoing.
According to a recent poll, public opposition to this blanket surveillance policy is greatest in Austria, the Netherlands and Germany (51% oppose blanket surveillance and 31% support it).
Germany has been investigating and prosecuting crime without data retention for more than 10 years now. The crime clearance rate did not drop when the Constitutional Court annulled the first data retention law in 2010.
In 2015, the government reintroduced data retention legislation, but it was never implemented due to court rulings. A decision by the European Court of Justice is expected soon, and the current German government, composed of social democrats, greens and liberals, is debating which approach to pursue.
How will Germany’s government proceed?
While the German governing coalition agreed on replacing the current data retention law, it must not be replaced by a window dressing like in Denmark or Belgium, where a new generation of data retention laws only pretend to comply with the EU court’s requirements, but in practice aim to continue indiscriminate mass surveillance.
The coalition agreement supports communications data retention “on an ad-hoc basis and by judicial order” only. German justice minister Marco Buschmann’s liberal party is proposing a “quick freeze” approach where data is stored only in case of a suspicion.
Yet the social democrat minister of the interior, Nancy Faeser, has been advocating for indiscriminate collection of information on every internet connection (“IP data retention”). Law enforcement authorities are, likewise, calling for such digital mass surveillance, referring to child protection needs.
Proponents of mass surveillance want to make us believe perpetrators are safe unless the whole population is under surveillance. This prevents the urgently necessary debate on targeted child protection and prevention measures. Mass surveillance legislation seems like a technologically easy and cheap way out, whereas allocating appropriate resources for prevention and prosecution is difficult, expensive and politically less rewarding.
Mass surveillance is not a solution
Much more is needed to protect children better. We need to improve reporting and raise overall awareness because the number of unreported cases is alarmingly high. We need to improve the cooperation of authorities, promote child protection officers and increase funding for social work and counselling centres. Competent and fast investigations are what is needed. Mass surveillance is neither needed, nor a solution.
We have seen remarkable police successes against child sexual abuse perpetrators recently, especially in the state of North Rhine-Westphalia. These successes were achieved as a result of targeted investigations, not by indiscriminate data retention. In January this year, Germany’s government published statistics on crime clearance rates. In the years 2017 to 2021, only 3% of child sexual abuse material (CSAM) investigations could not be pursued because of the lack of records of IP addresses.
There is no evidence that IP data retention makes any statistically significant contribution to crime clearance rates. The IP data retention obligation that was in effect in 2009 did not increase the clearance rate. Along with Gegen-Missbrauch eV, the German association for victims, partners and opponents of child sexual abuse, and Sebastian Heimann, director of the German Family Association, there are child protection experts who agree that data retention is not what is needed.
Last year, the public learned that the police were not requesting the removal of known child sexual exploitation material and “child pornography”. This inaction is scandalous and irresponsible.
Unfortunately, under the influence of massive pressure, the European Court of Justice green-lighted indiscriminate retention of all IP addresses used online. The importance of IP addresses for safeguarding our privacy online is widely underestimated.
Freedom of expression
IP addresses constitute our foot- and finger-prints on the internet. The systematic collection of IP data, taken together with web logs kept by internet companies, allows for the identification of a person, the tracking of their everyday online activities, the identification of senders of emails, locating citizens and profiling. Therefore, systematic retention all IP addresses is a profound intrusion into citizen’s privacy.
The ability to use the internet anonymously is essential for freedom of expression and information. Citizens must have the ability to anonymously exchange information with the press, authorities, law firms, counselling centres and doctors, to confidentially seek advice and help and to be able to inform and express themselves about any subject. IP data retention would eliminate this anonymity for citizens who are not technically savvy enough to mask their digital footprints.
The effects of data retention go far beyond infringement of the individual right to privacy. They have a chilling effect on democratic society. A survey conducted by nine EU member states, published earlier this year, underlined that data retention causes far-reaching societal problems because it deters people from engaging in private communication. When people in crisis situations do not have access to consultation services anonymously, it can lead to violence and could endanger human lives.
We need to find a better approach to digital investigations that truly respects citizens’ privacy and liberties. With a crime clearance rate of more than 90%, Germany demonstrates that it is possible to take action against the circulation of CSAM without indiscriminate data retention. We must stand up against mass surveillance, for us and for generations to come.
Read more on Privacy and data protection
Home Office pushes for more police facial-recognition deployments
Chat control: EU lawyers warn plans to scan encrypted messages for child abuse may be unlawful
Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms
Spy agencies need ‘independent authorisation’ to access telecoms data, say judges