[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] update: russische und EU-Pläne zur Internet-Überwachung
SORM Clouds Over Europe
John Horvath 29.11.2002
How easily we forget
It's ironic how easily we forget our very recent past. It was not more
than five years or so ago when everyone in the world was up in arms
about SORM. SORM was a Russian law that would require all Russian ISPs
to install a device that would connect the ISP to the security agency
and let the FSB (formerly the Kremlin's Good Boys, or the KGB)
eavesdrop on all information, both incoming and outgoing. The worry was
not so much over SORM, but about the transition from the relatively
controllable SORM-1, which required warrants, to the uncontrollable
SORM-2. In essence, with SORM-2 wiretapping in Russia is as far as a
mouse click away.
Then, there was much ado about SORM-2, namely that it was a violation
of human rights. Business was concerned because of the potential for
"market damage", i.e., it would be bad for e-commerce. Also, there were
fears Internet growth may also be stunted as users would no longer
trust the Internet as a new media. What's ironic now is that history is
repeating itself -- this time across Europe and beyond -- with much
less concern than five years ago; no widespread discussions on human
rights, market damage, or stunted Internet growth. It's as if it's
business as usual.
The hostage crisis in Moscow by Chechen rebels has helped to
What's ironic now is that history is repeating itself -- this time
across Europe and beyond -- with much less concern than five years ago.
No widespread discussions on human rights, market damage, or stunted
Internet growth; it's as if it's business as usual. What is more, the
recent hostage crisis in Moscow by Chechen rebels has helped to
legitimate STORM. Indeed, in the aftermath of the hostage crisis it
looks as though Russia will be adopting a SORM-3 program, although
details of such a move haven't been made official.
It's only to be expected that the Russian government would move in
this direction. During the crisis, telecoms were required to capture
all telecommunication exchanges taking place throughout the region. The
"assistance" granted to Russia by other countries during the crisis
were of a similar nature, in that all forms of electronic
communications were monitored. In essence, the draconian measures of
the various terrorism packages adopted by governments throughout Europe
kicked in, with little or no scrutiny from outside observers or
In some instances, this even led to a police crackdown of sorts. In
Hungary, Chechen and other refugees were followed and closely monitored
by law enforcement. The treatment of suspect foreigners in Hungary was
similar to what befell Afghan refugees shortly after the terrorist
attacks in the US last year. Then, Afghan refugees were rounded up and
incarcerated together in a closely guarded compound; in effect, they
were all treated as potential criminals.
Unfortunately, such instances of state repression have now become the
rule and not the exception. And it not only has to do with former
dictatorships falling back on traditional means of governance or the
over-reaction of countries to terrorist or rebel attacks. In a further
blow to the privacy rights of citizens within the European Union (EU),
Eurocrats are planning to introduce a compulsory data retention regime
throughout Europe. Unlike the past, when Russia's SORM initiatives drew
scathing criticism from Europe, the European Commission (EC) seems
intent on borrowing and improving on SORM.
The traffic data of the whole population of the EU is to be held on
Under the European plan, which was first formulated by the Belgian
chair of the rotating presidency in the first half of 2002 and now
carried on by the Danish chair, all telecommunications firms, including
mobile phone operators and internet service providers, will have to
keep data identifying the source, destination, and time of a
communication (as well as the personal details of the subscriber to any
"communication device") on all forms of telecommunications sent and
received by EU citizens. This information, known as traffic data,
covers phone calls, faxes, mobile phone use, internet browsing, and
e-mail. All this data would be held in central computer systems and
made available to all EU governments for a period of 12-24 months. The
same would apply also to accession countries to the EU, that is, those
countries wishing to join the EU in the coming years, such as Hungary,
Poland, and the Czech Republic.
In essence, what this means is that the traffic data of the whole
population of the EU -- and the countries joining -- is to be held on
record against the basic rights of data protection, proper rules of
procedure, scrutiny by supervisory bodies and judicial review.
"It is a move from targeted to potentially universal surveillance,"
noted Tony Bunyan of Statewatch, a U.K.-based Internet organization
that monitors threats to civil liberties within Europe. "EU governments
claimed that changes to the 1997 privacy directive would not be binding
on member states -- each national parliament would have to decide. Now
we know that all along they were intending to make it compulsory across
According to Statewatch, the directive by the EU contains "grave
gaps" in terms of civil liberties protection. These include no
provisions for refusing to execute a request on human rights or privacy
grounds. Moreover, there are no limits as to what data can be exchanged
and there is no reference to controls on the copying of data. Nor is
there any reference to supervisory authorities on data protection or an
individual's right to correct, delete, or block data. Furthermore,
there is no mention of compensation for misuse or for related judicial
review, nor are there any rules for checking on the admissibility of
Just the tip of the iceberg
Until now, what gave EU citizens a small measure of security from
their own governments (at least on paper) was the 1997 European
Commission (EC) Directive on privacy in telecommunications. This was
the follow-up to the hard-won 1995 EC Directive on data protection, now
law across the EU. The 1997 EC Directive said that the only purpose for
which traffic data could be retained was for billing (i.e., for the
benefit of customers) -- and even then it had to be erased in due
course. Law enforcement agencies could only get access to the traffic
data with a judicial order relating to the activities of a specific
person or group.
The new measures simply overrides the 1997 EC Directive by deleting
the provisions for telecommunication providers to erase all data and to
have them keep traffic data for a so-called "limited period". Not
surprisingly, this was initially rationalised under the guise of
tackling "terrorism". But now, as war rhetoric increasingly falls on
deaf or critical ears, the mantra is that law enforcement agencies need
to have access to all traffic data for the purpose of criminal
investigations in general. This includes such things as participation
in a criminal organisation, terrorism, trafficking in human beings,
sexual exploitation of children, drug trafficking, money-laundering,
fraud, racism, hijacking and "motor vehicle crime".
Yet Statewatch sees this as just the tip of the iceberg. They maintain
that the new measures also carries "a strong hint" that another measure
is in the pipeline, that is, one to allow law enforcement agencies
access to the content as well as the traffic data of personal
communications. This would mean a further extension in the powers of
European security and intelligence agencies, allowing them to see the
contents of e-mails and intercepted calls and faxes.
For its part, the EU admits the plan involves an invasion of privacy
but maintains that the retention period of 12 to 24 months is "not
disproportionate". What is more, the "confidentiality and integrity" of
retained traffic data must be "ensured", but the architects of the plan
don't not say how. Also, there's no guarantee that the maximum
retention period -- two years -- will be kept. "Once you start
retaining the data it tends to hang around," commented Ian Brown of the
Foundation for Information Policy Research.
The issue surrounding the EU's plans for data retention isn't limited
to Europe, however. It extends far beyond, all the way to countries
like Canada. Indeed, the Canadian government is also considering a
proposal that would force Internet providers to rewire their networks
for easy surveillance by police and spy agencies. Not only this, there
is also talk of creating a national database of every Canadian with an
Internet account, a plan that would sharply curtail the right to be
Like the EU, Canadian officials argue that since more and more
communications take place in electronic form, such surveillance is
necessary in order to fight terrorism and combat run-of-the-mill
crimes. They also claim that Canada will be following its obligations
under the Council of Europe's cybercrime treaty, which still hasn't
been ratified by all EU members. Both Canada and the United States are
non-voting members of the Council of Europe, and representatives from
both countries' police agencies have endorsed the controversial
cybercrime treaty, which has drawn protests from human rights activists
and civil liberties groups. Yet so far, only Albania has formally
adopted the treaty.
For Canada, the importance of the new plans for data retention within
the EU is that it would further help the government make its case to
introduce sweeping changes to Canadian law. As it stands, most experts
agree that the Canadian proposal on its own seems weak to justify such
radical legal changes. Indeed, according to Sarah Andrews, an analyst
at the Electronic Privacy Information Center (EPIC) who specializes in
international law, the proposal goes beyond what the cybercrime treaty
"Their proposal for intercept capability talks about all service
providers, not just Internet providers. The cybercrime treaty deals
only with computer data."
An increased sense of paranoia in Europe over the notion of "security"
EPIC opposes the cybercrime treaty, saying it grants too much power to
police and does not adequately respect privacy rights. Yet the
data-retention proposals of the EU, and subsequently Canada, shouldn't
be viewed in isolation, but seen within the wider context of an
"anti-privacy" action plan practiced by the state.
Already, the EU has extended the Schengen Information System (SIS) to
create an EU database to target "suspected" protesters and bar them
from entering a country where a protest is planned. The SIS also
contains an EU database of all "foreigners" so as to remove "third
country nationals" who have not left within the "prescribed time
Meanwhile, the EU plans to combat terrorism by widening the definition
of terrorism to cover groups that aim to "seriously alter the
political, economic or social structure of one or more countries and
their institutions". This de-facto criminalisation of the right to
protest extends to the act of civil disobedience, which has now been
rephrased as "urban violence". To this extent, efforts have been
underway to create EU para-military police units to counter all forms
of public protest.
All this comes on the heels of an increased sense of paranoia in
Europe over the notion of "security". For instance, the latest fad
in the UK is to have children tagged with a tracker implant. That is,
children of worried parents are being fitted with a microchip so that
their movements can be traced if they are abducted. The miniature chip,
which is usually implanted in the arm or leg, will apparently send a
signal via a mobile phone network to a computer, which will be able to
pinpoint the location on an electronic map.
In one such example, parents said they had decided on getting the
tracking implant for their daughter after the abduction and murder of
two schoolgirls, Holly Wells and Jessica Chapman, a media story which
had gripped the British public. The rationale for such technology in
face of such a "threat" was summed up by the mother: "If a car is
stolen, it can be fitted with a computer to enable it to be tracked --
so why not apply the same principle to finding missing children?"
What is frightening in this brave new world of Big Brother is that
some parents actually think this way, leading others to assume that
such logic is sound. It appears no-one questions the underlying fallacy
of the car-child analogy; that is, children are not things.
Fortunately, not everyone is blindly stampeding down this alley.
According to a spokesperson for Kidscape, the charity aimed at stopping
children from being bullied and sexually abused:
"We do not think this is a good idea. Children should be taught
about the possible dangers, rather than having something stuck on them
that can maybe track them, and perhaps then only when it is too late."
Likewise, a spokesperson for a parents' association noted that "parents
and guardians must remember child abductions are extremely rare, and
that the vast majority of abuse happens within the home."
Thanks to the present climate of security paranoia, which ranges from
bearded terrorists milling in the crowds to sex offenders lurking in
the streets, actions are being taken by governments and individuals
alike with no thought of the possible ramifications and future abuse.
In the case of the tracker implant, even the designer of the chip,
Kevin Warwick of the Cybernetics Department at Reading University,
conceded that some parents might abuse the system or overreact if their
children were late home. Still, despite such obvious shortcomings, he
maintains that tagging was the correct course of action in the light of
recent events. "The implant won't prevent abductions, nothing will," he
admits." However, if the worst happens, parents will at least be in
with a chance of finding their children alive." As a result, he has
called for an urgent government debate on the issue, and believes
ministers should consider implants for all children.
The idea of tagging all children with a tracker implant is such a
monstrous idea that its hard to believe even EU anti-privacy crusaders
would be willing to endorse it. While most do raise questions about the
technology of whether the chip should remain dormant in the limb until
an emergency arose, or whether it should emit a signal 24 hours a day,
there has been surprisingly little debate over the practice itself.
What has been considered a "debate" is whether only the police should
have the authority to allow the system to be activated (as things
stand, parents can have that right as well). No one has yet dared to
mention or even consider the following nightmare scenario: a society
where everyone is tagged with a tracker implant, starting in early
childhood and carrying on into our adult years, where the focus changes
from protection to surveillance.
All this, in conjunction with the present plans for a data retention
regime and the existing SIS, would make the power of the state over the
individual total. Once this happens, Logan's Run can't be far off.
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.