Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] update: russische und EU-Pläne zur Internet-Überwachung,

 SORM Clouds Over Europe
 John Horvath   29.11.2002 
 How easily we forget 
 It's ironic how easily we forget our very recent past. It was not more 
than five years or so ago when everyone in the world was up in arms 
about SORM. SORM was a Russian law that would require all Russian ISPs 
to install a device that would connect the ISP to the security agency 
and let the FSB (formerly the Kremlin's Good Boys, or the KGB) 
eavesdrop on all information, both incoming and outgoing. The worry was 
not so much over SORM, but about the transition from the relatively 
controllable SORM-1, which required warrants, to the uncontrollable 
SORM-2. In essence, with SORM-2 wiretapping in Russia is as far as a 
mouse click away. 
 Then, there was much ado about SORM-2, namely that it was a violation 
of human rights. Business was concerned because of the potential for 
"market damage", i.e., it would be bad for e-commerce. Also, there were 
fears Internet growth may also be stunted as users would no longer 
trust the Internet as a new media. What's ironic now is that history is 
repeating itself -- this time across Europe and beyond -- with much 
less concern than five years ago; no widespread discussions on human 
rights, market damage, or stunted Internet growth. It's as if it's 
business as usual. 
 The hostage crisis in Moscow by Chechen rebels has helped to 
legitimate STORM 
 What's ironic now is that history is repeating itself -- this time 
across Europe and beyond -- with much less concern than five years ago. 
No widespread discussions on human rights, market damage, or stunted 
Internet growth; it's as if it's business as usual. What is more, the 
recent hostage crisis in Moscow by Chechen rebels has helped to 
legitimate STORM. Indeed, in the aftermath of the hostage crisis it 
looks as though Russia will be adopting a SORM-3 program, although 
details of such a move haven't been made official. 
 It's only to be expected that the Russian government would move in 
this direction. During the crisis, telecoms were required to capture 
all telecommunication exchanges taking place throughout the region. The 
"assistance" granted to Russia by other countries during the crisis 
were of a similar nature, in that all forms of electronic 
communications were monitored. In essence, the draconian measures of 
the various terrorism packages adopted by governments throughout Europe 
kicked in, with little or no scrutiny from outside observers or 
 In some instances, this even led to a police crackdown of sorts. In 
Hungary, Chechen and other refugees were followed and closely monitored 
by law enforcement. The treatment of suspect foreigners in Hungary was 
similar to what befell Afghan refugees shortly after the terrorist 
attacks in the US last year. Then, Afghan refugees were rounded up and 
incarcerated together in a closely guarded compound; in effect, they 
were all treated as potential criminals. 
 Unfortunately, such instances of state repression have now become the 
rule and not the exception. And it not only has to do with former 
dictatorships falling back on traditional means of governance or the 
over-reaction of countries to terrorist or rebel attacks. In a further 
blow to the privacy rights of citizens within the European Union (EU), 
Eurocrats are planning to introduce a compulsory data retention regime 
throughout Europe. Unlike the past, when Russia's SORM initiatives drew 
scathing criticism from Europe, the European Commission (EC) seems 
intent on borrowing and improving on SORM. 
 The traffic data of the whole population of the EU is to be held on 
 Under the European plan, which was first formulated by the Belgian 
chair of the rotating presidency in the first half of 2002 and now 
carried on by the Danish chair, all telecommunications firms, including 
mobile phone operators and internet service providers, will have to 
keep data identifying the source, destination, and time of a 
communication (as well as the personal details of the subscriber to any 
"communication device") on all forms of telecommunications sent and 
received by EU citizens. This information, known as traffic data, 
covers phone calls, faxes, mobile phone use, internet browsing, and 
e-mail. All this data would be held in central computer systems and 
made available to all EU governments for a period of 12-24 months. The 
same would apply also to accession countries to the EU, that is, those 
countries wishing to join the EU in the coming years, such as Hungary, 
Poland, and the Czech Republic. 
 In essence, what this means is that the traffic data of the whole 
population of the EU -- and the countries joining -- is to be held on 
record against the basic rights of data protection, proper rules of 
procedure, scrutiny by supervisory bodies and judicial review. 
    "It is a move from targeted to potentially universal surveillance," 
noted Tony Bunyan of Statewatch, a U.K.-based Internet organization 
that monitors threats to civil liberties within Europe. "EU governments 
claimed that changes to the 1997 privacy directive would not be binding 
on member states -- each national parliament would have to decide. Now 
we know that all along they were intending to make it compulsory across 
 According to [1]Statewatch, the directive by the EU contains "grave 
gaps" in terms of civil liberties protection. These include no 
provisions for refusing to execute a request on human rights or privacy 
grounds. Moreover, there are no limits as to what data can be exchanged 
and there is no reference to controls on the copying of data. Nor is 
there any reference to supervisory authorities on data protection or an 
individual's right to correct, delete, or block data. Furthermore, 
there is no mention of compensation for misuse or for related judicial 
review, nor are there any rules for checking on the admissibility of 
data searches. 
 Just the tip of the iceberg 
 Until now, what gave EU citizens a small measure of security from 
their own governments (at least on paper) was the 1997 European 
Commission (EC) Directive on privacy in telecommunications. This was 
the follow-up to the hard-won 1995 EC Directive on data protection, now 
law across the EU. The 1997 EC Directive said that the only purpose for 
which traffic data could be retained was for billing (i.e., for the 
benefit of customers) -- and even then it had to be erased in due 
course. Law enforcement agencies could only get access to the traffic 
data with a judicial order relating to the activities of a specific 
person or group. 
 The new measures simply overrides the 1997 EC Directive by deleting 
the provisions for telecommunication providers to erase all data and to 
have them keep traffic data for a so-called "limited period". Not 
surprisingly, this was initially rationalised under the guise of 
tackling "terrorism". But now, as war rhetoric increasingly falls on 
deaf or critical ears, the mantra is that law enforcement agencies need 
to have access to all traffic data for the purpose of criminal 
investigations in general. This includes such things as participation 
in a criminal organisation, terrorism, trafficking in human beings, 
sexual exploitation of children, drug trafficking, money-laundering, 
fraud, racism, hijacking and "motor vehicle crime". 
 Yet Statewatch sees this as just the tip of the iceberg. They maintain 
that the new measures also carries "a strong hint" that another measure 
is in the pipeline, that is, one to allow law enforcement agencies 
access to the content as well as the traffic data of personal 
communications. This would mean a further extension in the powers of 
European security and intelligence agencies, allowing them to see the 
contents of e-mails and intercepted calls and faxes. 
 For its part, the EU admits the plan involves an invasion of privacy 
but maintains that the retention period of 12 to 24 months is "not 
disproportionate". What is more, the "confidentiality and integrity" of 
retained traffic data must be "ensured", but the architects of the plan 
don't not say how. Also, there's no guarantee that the maximum 
retention period -- two years -- will be kept. "Once you start 
retaining the data it tends to hang around," commented Ian Brown of the 
Foundation for Information Policy Research. 
 The issue surrounding the EU's plans for data retention isn't limited 
to Europe, however. It extends far beyond, all the way to countries 
like Canada. Indeed, the Canadian government is also considering a 
proposal that would force Internet providers to rewire their networks 
for easy surveillance by police and spy agencies. Not only this, there 
is also talk of creating a national database of every Canadian with an 
Internet account, a plan that would sharply curtail the right to be 
anonymous online. 
 Like the EU, Canadian officials argue that since more and more 
communications take place in electronic form, such surveillance is 
necessary in order to fight terrorism and combat run-of-the-mill 
crimes. They also claim that Canada will be following its obligations 
under the Council of Europe's cybercrime treaty, which still hasn't 
been ratified by all EU members. Both Canada and the United States are 
non-voting members of the Council of Europe, and representatives from 
both countries' police agencies have endorsed the controversial 
cybercrime treaty, which has drawn protests from human rights activists 
and civil liberties groups. Yet so far, only Albania has formally 
adopted the treaty. 
 For Canada, the importance of the new plans for data retention within 
the EU is that it would further help the government make its case to 
introduce sweeping changes to Canadian law. As it stands, most experts 
agree that the Canadian proposal on its own seems weak to justify such 
radical legal changes. Indeed, according to Sarah Andrews, an analyst 
at the Electronic Privacy Information Center (EPIC) who specializes in 
international law, the proposal goes beyond what the cybercrime treaty 
    "Their proposal for intercept capability talks about all service 
providers, not just Internet providers. The cybercrime treaty deals 
only with computer data."       
 An increased sense of paranoia in Europe over the notion of "security" 
 EPIC opposes the cybercrime treaty, saying it grants too much power to 
police and does not adequately respect privacy rights. Yet the 
data-retention proposals of the EU, and subsequently Canada, shouldn't 
be viewed in isolation, but seen within the wider context of an 
"anti-privacy" action plan practiced by the state. 
 Already, the EU has extended the Schengen Information System (SIS) to 
create an EU database to target "suspected" protesters and bar them 
from entering a country where a protest is planned. The SIS also 
contains an EU database of all "foreigners" so as to remove "third 
country nationals" who have not left within the "prescribed time 
 Meanwhile, the EU plans to combat terrorism by widening the definition 
of terrorism to cover groups that aim to "seriously alter the 
political, economic or social structure of one or more countries and 
their institutions". This de-facto criminalisation of the right to 
protest extends to the act of civil disobedience, which has now been 
rephrased as "urban violence". To this extent, efforts have been 
underway to create EU para-military police units to counter all forms 
of public protest. 
 All this comes on the heels of an increased sense of paranoia in 
Europe over the notion of "security". For instance, the [2]latest fad 
in the UK is to have children tagged with a tracker implant. That is, 
children of worried parents are being fitted with a microchip so that 
their movements can be traced if they are abducted. The miniature chip, 
which is usually implanted in the arm or leg, will apparently send a 
signal via a mobile phone network to a computer, which will be able to 
pinpoint the location on an electronic map. 
 In one such example, parents said they had decided on getting the 
tracking implant for their daughter after the abduction and murder of 
two schoolgirls, Holly Wells and Jessica Chapman, a media story which 
had gripped the British public. The rationale for such technology in 
face of such a "threat" was summed up by the mother: "If a car is 
stolen, it can be fitted with a computer to enable it to be tracked -- 
so why not apply the same principle to finding missing children?" 
 What is frightening in this brave new world of Big Brother is that 
some parents actually think this way, leading others to assume that 
such logic is sound. It appears no-one questions the underlying fallacy 
of the car-child analogy; that is, children are not things. 
 Fortunately, not everyone is blindly stampeding down this alley. 
According to a spokesperson for Kidscape, the charity aimed at stopping 
children from being bullied and sexually abused: 
    "We do not think this is a good idea. Children should be taught 
about the possible dangers, rather than having something stuck on them 
that can maybe track them, and perhaps then only when it is too late." 
Likewise, a spokesperson for a parents' association noted that "parents 
and guardians must remember child abductions are extremely rare, and 
that the vast majority of abuse happens within the home."       
 Thanks to the present climate of security paranoia, which ranges from 
bearded terrorists milling in the crowds to sex offenders lurking in 
the streets, actions are being taken by governments and individuals 
alike with no thought of the possible ramifications and future abuse. 
In the case of the tracker implant, even the designer of the chip, 
Kevin Warwick of the Cybernetics Department at Reading University, 
conceded that some parents might abuse the system or overreact if their 
children were late home. Still, despite such obvious shortcomings, he 
maintains that tagging was the correct course of action in the light of 
recent events. "The implant won't prevent abductions, nothing will," he 
admits." However, if the worst happens, parents will at least be in 
with a chance of finding their children alive." As a result, he has 
called for an urgent government debate on the issue, and believes 
ministers should consider implants for all children. 
 The idea of tagging all children with a tracker implant is such a 
monstrous idea that its hard to believe even EU anti-privacy crusaders 
would be willing to endorse it. While most do raise questions about the 
technology of whether the chip should remain dormant in the limb until 
an emergency arose, or whether it should emit a signal 24 hours a day, 
there has been surprisingly little debate over the practice itself. 
What has been considered a "debate" is whether only the police should 
have the authority to allow the system to be activated (as things 
stand, parents can have that right as well). No one has yet dared to 
mention or even consider the following nightmare scenario: a society 
where everyone is tagged with a tracker implant, starting in early 
childhood and carrying on into our adult years, where the focus changes 
from protection to surveillance. 
 All this, in conjunction with the present plans for a data retention 
regime and the existing SIS, would make the power of the state over the 
individual total. Once this happens, Logan's Run can't be far off. 

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.